async def test_private_artifacts(context_function):
    """Round-trip an artifact stored outside ``public/`` through a task run.

    Creates a task, writes ``SampleArtifacts/_/X.txt`` into the configured
    artifact directory, runs the worker, then downloads the artifact through
    ``artifacts.get_artifact_url`` and compares the contents.
    """
    # A single slug doubles as the task id and the task group id.
    task_group_id = task_id = slugid.nice()
    artifact_name = 'SampleArtifacts/_/X.txt'
    override = {
        'task_script': ('bash', '-c', '>&2 echo'),
    }
    async with context_function(override) as context:
        created = await create_task(context, task_id, task_group_id)
        assert created['status']['state'] == 'pending'

        # Stage the file in artifact_dir before the worker runs.
        staged_path = os.path.join(context.config['artifact_dir'], artifact_name)
        utils.makedirs(os.path.dirname(staged_path))
        with open(staged_path, "w") as fh:
            fh.write("bar")

        # remember_cwd() wraps the chdir the worker run needs.
        async with remember_cwd():
            os.chdir(os.path.dirname(context.config['work_dir']))
            status = await worker.run_tasks(context)
        assert status == 0

        finished = await task_status(context, task_id)
        assert finished['status']['state'] == 'completed'

        # NOTE(review): the name is not under "public/", so this presumably
        # exercises the authenticated (signed) URL path -- confirm against
        # get_artifact_url.
        url = artifacts.get_artifact_url(context, task_id, artifact_name)
        fetched_path = os.path.join(context.config['work_dir'], 'downloaded_file')
        await utils.download_file(context, url, fetched_path)
        with open(fetched_path, "r") as fh:
            contents = fh.read().strip()
        assert contents == 'bar'
async def download_cot(chain):
    """Download the signed chain of trust artifacts.

    Only fetches the ``public/chainOfTrust.json.asc`` file of every link and
    logs its hash. No signature is checked in this function, so the
    downloaded files must not be trusted until they have been verified
    elsewhere.

    Args:
        chain (ChainOfTrust): the chain of trust to add to.

    Raises:
        DownloadError: on failure.

    """
    # Only chain.links are handled: those are previously finished tasks that
    # already have signed chain of trust artifacts. ``chain.task`` is the
    # task currently running and has no signed artifact yet.
    pending_downloads = []
    for link in chain.links:
        task_id = link.task_id
        url = get_artifact_url(chain.context, task_id, 'public/chainOfTrust.json.asc')
        parent_dir = link.cot_dir
        # valid_artifact_task_ids is limited to this link's own task id;
        # presumably download_artifacts rejects URLs for any other task --
        # confirm in download_artifacts.
        download = download_artifacts(
            chain.context,
            [url],
            parent_dir=parent_dir,
            valid_artifact_task_ids=[task_id],
        )
        pending_downloads.append(asyncio.ensure_future(download))

    results = await raise_future_exceptions(pending_downloads)
    for result in results:
        # One URL was requested per call, so the first entry is the file.
        cot_path = result[0]
        sha = get_hash(cot_path)
        log.debug("{} downloaded; hash is {}".format(cot_path, sha))
async def test_private_artifacts(context_function):
    """Check that an artifact outside ``public/`` can be fetched after a run.

    The test stages ``SampleArtifacts/_/X.txt`` in the artifact directory,
    runs one worker pass, and downloads the file again through the URL that
    ``artifacts.get_artifact_url`` returns.
    """
    task_group_id = task_id = slugid.nice()
    relative_name = 'SampleArtifacts/_/X.txt'
    script = ('bash', '-c', '>&2 echo')
    override = {'task_script': script}

    async with context_function(override) as context:
        config = context.config

        task_info = await create_task(context, task_id, task_group_id)
        assert task_info['status']['state'] == 'pending'

        # Write the artifact where the worker expects to find it.
        source_file = os.path.join(config['artifact_dir'], relative_name)
        utils.makedirs(os.path.dirname(source_file))
        with open(source_file, "w") as fh:
            fh.write("bar")

        # The working directory is changed only for the worker run.
        async with remember_cwd():
            os.chdir(os.path.dirname(config['work_dir']))
            status = await worker.run_tasks(context)
        assert status == 0

        task_info = await task_status(context, task_id)
        assert task_info['status']['state'] == 'completed'

        # NOTE(review): presumably a signed URL, since the name is not under
        # "public/" -- confirm against get_artifact_url.
        url = artifacts.get_artifact_url(context, task_id, relative_name)
        target_file = os.path.join(config['work_dir'], 'downloaded_file')
        await utils.download_file(context, url, target_file)
        with open(target_file, "r") as fh:
            contents = fh.read().strip()
        assert contents == 'bar'
def test_get_artifact_url(tc03x):
    """Check the URL returned by ``get_artifact_url`` for a stubbed queue.

    When ``tc03x`` is truthy the stubbed ``buildUrl`` raises
    ``AttributeError``, so the expected URL has to come from another route;
    presumably ``options['baseUrl']`` combined with ``makeRoute`` (the
    implementation of get_artifact_url is not visible here -- confirm).
    """
    expected_url = "https://netloc/v1/rel/path"

    def buildUrl(*args, **kwargs):
        # Guard clause: the failing variant never reaches the return.
        if tc03x:
            raise AttributeError("foo")
        return expected_url

    def makeRoute(*args, **kwargs):
        return "rel/path"

    context = mock.MagicMock()
    queue = context.queue = mock.MagicMock()
    queue.options = {'baseUrl': 'https://netloc/'}
    queue.makeRoute = makeRoute
    queue.buildUrl = buildUrl

    assert get_artifact_url(context, "x", "y") == expected_url
def test_get_artifact_url(path):
    """Pin which URL builder ``get_artifact_url`` uses for ``path``.

    The stubbed ``buildUrl`` answers only for paths under ``public/`` and the
    stubbed ``buildSignedUrl`` only for every other path; the stub that
    should not be used returns ``None``. The assertion therefore fails if a
    non-public path is served by the unsigned builder, or a public path by
    the signed one.
    """
    expected = "https://netloc/v1/{}".format(path)
    is_public = path.startswith('public/')

    def buildUrl(*args, **kwargs):
        return expected if is_public else None

    def buildSignedUrl(*args, **kwargs):
        return None if is_public else expected

    context = mock.MagicMock()
    queue = context.queue = mock.MagicMock()
    queue.options = {'baseUrl': 'https://netloc/'}
    queue.buildUrl = buildUrl
    queue.buildSignedUrl = buildSignedUrl

    assert get_artifact_url(context, "x", path) == expected
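async def download_cot_artifact(chain, task_id, path):
    """Download an artifact and verify its SHA against the chain of trust.

    The artifact must be listed in the link's chain of trust, must have at
    least one expected hash, every listed algorithm must be in
    ``valid_hash_algorithms``, and every listed hash must match the
    downloaded file.

    The file is written under ``link.cot_dir`` before the hashes are
    checked, and nothing here removes it when a check fails. Callers must
    treat a ``CoTError`` as "do not use the file".

    Args:
        chain (ChainOfTrust): the chain of trust object
        task_id (str): the task ID to download from
        path (str): the relative path to the artifact to download

    Returns:
        str: the full path of the downloaded artifact

    Raises:
        CoTError: on failure.

    """
    link = chain.get_link(task_id)
    log.debug("Verifying {} is in {} cot artifacts...".format(path, task_id))
    if path not in link.cot['artifacts']:
        raise CoTError("path {} not in {} {} chain of trust artifacts!".format(
            path, link.name, link.task_id))
    expected_hashes = link.cot['artifacts'][path]
    # Fail closed: with no expected hashes the verification loop below would
    # not run at all and the artifact would be returned unverified.
    if not expected_hashes:
        raise CoTError("NO HASHES: {}: {} has no hashes in the chain of trust artifacts!".format(
            link.name, path))
    url = get_artifact_url(chain.context, task_id, path)
    # NOTE(review): if get_artifact_url can return a signed URL for
    # non-public paths, this line writes a time-limited credential to the
    # log -- confirm, and log a redacted form if so.
    log.info("Downloading Chain of Trust artifact:\n{}".format(url))
    await download_artifacts(chain.context, [url], parent_dir=link.cot_dir,
                             valid_artifact_task_ids=[task_id])
    full_path = link.get_artifact_full_path(path)
    for alg, expected_sha in expected_hashes.items():
        # Allowlist check: one unsupported algorithm rejects the artifact,
        # even if other listed hashes would match.
        if alg not in chain.context.config['valid_hash_algorithms']:
            raise CoTError("BAD HASH ALGORITHM: {}: {} {}!".format(
                link.name, alg, full_path))
        real_sha = get_hash(full_path, hash_alg=alg)
        if expected_sha != real_sha:
            raise CoTError("BAD HASH: {}: Expected {} {}; got {}!".format(
                link.name, alg, expected_sha, real_sha))
        log.debug("{} matches the expected {} {}".format(
            full_path, alg, expected_sha))
    return full_path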
async def test_private_artifacts(context_function):
    """Upload and re-download an artifact that is not under ``public/``.

    Steps: create the task, place ``SampleArtifacts/_/X.txt`` in the
    artifact directory, run the worker once, then fetch the artifact via
    ``artifacts.get_artifact_url`` and check that the contents survived.
    """
    artifact = "SampleArtifacts/_/X.txt"
    payload = "bar"
    # The same slug is used for the task and for its group.
    task_group_id = task_id = slugid.nice()
    override = {"task_script": ("bash", "-c", ">&2 echo")}

    async with context_function(override) as context:
        response = await create_task(context, task_id, task_group_id)
        assert response["status"]["state"] == "pending"

        local_copy = os.path.join(context.config["artifact_dir"], artifact)
        utils.makedirs(os.path.dirname(local_copy))
        with open(local_copy, "w") as fh:
            fh.write(payload)

        # remember_cwd() wraps the chdir needed for the worker run.
        async with remember_cwd():
            os.chdir(os.path.dirname(context.config["work_dir"]))
            status = await worker.run_tasks(context)
        assert status == 0

        response = await task_status(context, task_id)
        assert response["status"]["state"] == "completed"

        # NOTE(review): the artifact name is not under "public/", so the URL
        # is presumably a signed one -- confirm against get_artifact_url.
        url = artifacts.get_artifact_url(context, task_id, artifact)
        round_trip = os.path.join(context.config["work_dir"], "downloaded_file")
        await utils.download_file(context, url, round_trip)
        with open(round_trip, "r") as fh:
            contents = fh.read().strip()
        assert contents == payload