def test__git_push_no_url_success(self, git_mock): with TempDirectory() as temp_dir: parent_work_dir_path = os.path.join(temp_dir.path, 'working') artifact_config = { 'container-image-version': { 'description': '', 'value': '1.0-69442c8' } } workflow_result = self.setup_previous_result( parent_work_dir_path, artifact_config) step_config = {} step_implementer = self.create_step_implementer( step_config=step_config, workflow_result=workflow_result, parent_work_dir_path=parent_work_dir_path) step_implementer._Git__git_push(None) git_mock.push.assert_called_once_with('--tag', _out=Any(IOBase), _err=Any(IOBase), _tee='err')
def test_decrypt_additional_sops_args(self, sops_mock): encrypted_config_file_path = os.path.join( os.path.dirname(__file__), 'files', 'tssc-config-secret-stuff.yml') config_value = ConfigValue( value= 'ENC[AES256_GCM,data:UGKfnzsSrciR7GXZJhOCMmFrz3Y6V3pZsd3P,iv:yuReqA+n+rRXVHMc+2US5t7yPx54sooZSXWV4KLjDIs=,tag:jueP7/ZWLfYrEuhh+4eS8g==,type:str]', parent_source=encrypted_config_file_path, path_parts=[ 'tssc-config', 'global-environment-defaults', 'DEV', 'kube-api-token' ]) sops_decryptor = SOPS(additional_sops_args=['--aws-profile=foo']) sops_decryptor.decrypt(config_value) sops_mock.assert_called_once_with( '--decrypt', '--extract=["tssc-config"]["global-environment-defaults"]["DEV"]["kube-api-token"]', None, encrypted_config_file_path, '--aws-profile=foo', _in=None, _out=Any(StringIO), _err=Any(StringIO))
def test_pom_file_valid_old_empty_jar(self, mvn_mock): artifact_id = 'my-app' version = '42.1' package = 'jar' with TempDirectory() as temp_dir: temp_dir.write( 'pom.xml', bytes( '''<project> <modelVersion>4.0.0</modelVersion> <groupId>com.mycompany.app</groupId> <artifactId>{artifact_id}</artifactId> <version>{version}</version> </project>'''.format(artifact_id=artifact_id, version=version), 'utf-8')) pom_file_path = os.path.join(temp_dir.path, 'pom.xml') config = { 'tssc-config': { 'package': { 'implementer': 'Maven', 'config': { 'pom-file': str(pom_file_path) } } } } artifact_file_name = '{artifact_id}-{version}.{package}'.format( artifact_id=artifact_id, version=version, package=package) expected_step_results = { 'tssc-results': { 'package': { 'artifacts': [{ 'path': os.path.join(temp_dir.path, 'target', artifact_file_name), 'artifact-id': artifact_id, 'group-id': 'com.mycompany.app', 'package-type': package, 'pom-path': str(pom_file_path) }] } } } mvn_mock.side_effect = create_mvn_side_effect( pom_file_path, 'target', [artifact_file_name]) run_step_test_with_result_validation(temp_dir, 'package', config, expected_step_results) settings_file_path = temp_dir.path + "/tssc-working/package/settings.xml" mvn_mock.assert_called_once_with('clean', 'install', '-f', pom_file_path, '-s', settings_file_path, _out=Any(IOBase), _err=Any(IOBase))
def test__git_push_no_url_success(self, git_mock): with TempDirectory() as temp_dir: results_dir_path = os.path.join(temp_dir.path, 'step-runner-results') results_file_name = 'step-runner-results.yml' work_dir_path = os.path.join(temp_dir.path, 'working') step_config = {} artifact_config = { 'container-image-version': { 'description': '', 'value': '1.0-69442c8' } } self.setup_previous_result(work_dir_path, artifact_config) step_implementer = self.create_step_implementer( step_config=step_config, results_dir_path=results_dir_path, results_file_name=results_file_name, work_dir_path=work_dir_path, ) step_implementer._Git__git_push(None) git_mock.push.assert_called_once_with('--tag', _out=Any(IOBase), _err=Any(IOBase), _tee='err')
def test__git_tag_success(self, git_mock): git_tag_value = "1.0+69442c8" with TempDirectory() as temp_dir: work_dir_path = os.path.join(temp_dir.path, 'working') artifact_config = { 'container-image-version': {'description': '', 'value': '1.0-69442c8'} } workflow_result = self.setup_previous_result(work_dir_path, artifact_config) step_config = {} step_implementer = self.create_step_implementer( step_config=step_config, workflow_result=workflow_result, work_dir_path=work_dir_path ) step_implementer._Git__git_tag(git_tag_value) git_mock.tag.assert_called_once_with( git_tag_value, '-f', _out=Any(IOBase), _err=Any(IOBase), _tee='err' )
def test_value_decyrpt(self, sops_mock): encrypted_config_file_path = os.path.join( os.path.dirname(__file__), 'decryptors', 'files', 'tssc-config-secret-stuff.yml') config_value = ConfigValue( value= 'ENC[AES256_GCM,data:UGKfnzsSrciR7GXZJhOCMmFrz3Y6V3pZsd3P,iv:yuReqA+n+rRXVHMc+2US5t7yPx54sooZSXWV4KLjDIs=,tag:jueP7/ZWLfYrEuhh+4eS8g==,type:str]', parent_source=encrypted_config_file_path, path_parts=[ 'tssc-config', 'global-environment-defaults', 'DEV', 'kube-api-token' ]) DecryptionUtils.register_config_value_decryptor(SOPS()) sops_mock.side_effect = create_sops_side_effect('mock decrypted value') decrypted_value = config_value.value sops_mock.assert_called_once_with( '--decrypt', '--extract=["tssc-config"]["global-environment-defaults"]["DEV"]["kube-api-token"]', None, encrypted_config_file_path, _in=None, _out=Any(StringIO), _err=Any(StringIO)) self.assertEqual(decrypted_value, 'mock decrypted value')
def test_success_with_no_tls(self, mock_open, redirect_mock, mvn_mock): with TempDirectory() as temp_dir: mvn_output_file_path = os.path.join(temp_dir.path, 'maven_output.txt') settings_file = '/fake/settings.xml' pom_file = '/fake/pom.xml' phases_and_goals = 'fake' run_maven(mvn_output_file_path=mvn_output_file_path, settings_file=settings_file, pom_file=pom_file, phases_and_goals=phases_and_goals, tls_verify=False) mock_open.assert_called_with(mvn_output_file_path, 'w') redirect_mock.assert_has_calls([ call([sys.stdout, mock_open.return_value]), call([sys.stderr, mock_open.return_value]) ]) mvn_mock.assert_called_once_with( 'fake', '-f', '/fake/pom.xml', '-s', '/fake/settings.xml', '--no-transfer-progress', '-Dmaven.wagon.http.ssl.insecure=true', '-Dmaven.wagon.http.ssl.allowall=true', '-Dmaven.wagon.http.ssl.ignore.validity.dates=true', _out=Any(StringIO), _err=Any(StringIO))
def test_success_with_multiple_profile(self, mock_open, redirect_mock, mvn_mock): with TempDirectory() as temp_dir: mvn_output_file_path = os.path.join(temp_dir.path, 'maven_output.txt') settings_file = '/fake/settings.xml' pom_file = '/fake/pom.xml' phases_and_goals = 'fake' run_maven(mvn_output_file_path=mvn_output_file_path, settings_file=settings_file, pom_file=pom_file, phases_and_goals=phases_and_goals, profiles=['fake-profile1', 'fake-profile2']) mock_open.assert_called_with(mvn_output_file_path, 'w') redirect_mock.assert_has_calls([ call([sys.stdout, mock_open.return_value]), call([sys.stderr, mock_open.return_value]) ]) mvn_mock.assert_called_once_with('fake', '-f', '/fake/pom.xml', '-s', '/fake/settings.xml', '-P', 'fake-profile1,fake-profile2', '--no-transfer-progress', _out=Any(StringIO), _err=Any(StringIO))
def test___buildah_mount_container_error(self, buildah_mock): buildah_unshare_comand = sh.buildah.bake('unshare') container_name = "test" buildah_mock.bake('unshare').bake( 'buildah', 'mount').side_effect = sh.ErrorReturnCode('buildah mount', b'mock out', b'mock error') with self.assertRaisesRegex( RuntimeError, re.compile( rf"Unexpected runtime error mounting container \({container_name}\):" r".*RAN: buildah" r".*STDOUT:" r".*mock out" r".*STDERR:" r".*mock error", re.DOTALL)): OpenSCAPGeneric._OpenSCAPGeneric__buildah_mount_container( buildah_unshare_comand=buildah_unshare_comand, container_id=container_name) buildah_mock.bake('unshare').bake( 'buildah', 'mount').assert_called_once_with('--storage-driver', 'vfs', container_name, _out=Any(IOBase), _err=Any(IOBase), _tee='err')
def test___buildah_import_image_from_tar_error(self, buildah_mock): image_tar_file = "/does/not/matter.tar" container_name = "test" buildah_mock.side_effect = sh.ErrorReturnCode('buildah', b'mock out', b'mock error') with self.assertRaisesRegex( RuntimeError, re.compile( rf"Unexpected runtime error importing the image \({image_tar_file}\):" r".*RAN: buildah" r".*STDOUT:" r".*mock out" r".*STDERR:" r".*mock error", re.DOTALL)): OpenSCAPGeneric._OpenSCAPGeneric__buildah_import_image_from_tar( image_tar_file=image_tar_file, container_name=container_name) buildah_mock.assert_called_once_with( 'from', '--storage-driver', 'vfs', '--name', container_name, f"docker-archive:{image_tar_file}", _out=Any(IOBase), _err=Any(IOBase), _tee='err')
def test_decrypt_parent_source_dict(self, sops_mock): encrypted_config_file_path = os.path.join( os.path.dirname(__file__), 'files', 'tssc-config-secret-stuff.yml') encrypted_config = parse_yaml_or_json_file(encrypted_config_file_path) encrypted_config_json = json.dumps(encrypted_config) config_value = ConfigValue( value= 'ENC[AES256_GCM,data:UGKfnzsSrciR7GXZJhOCMmFrz3Y6V3pZsd3P,iv:yuReqA+n+rRXVHMc+2US5t7yPx54sooZSXWV4KLjDIs=,tag:jueP7/ZWLfYrEuhh+4eS8g==,type:str]', parent_source=encrypted_config, path_parts=[ 'tssc-config', 'global-environment-defaults', 'DEV', 'kube-api-token' ]) sops_decryptor = SOPS() sops_decryptor.decrypt(config_value) sops_mock.assert_called_once_with( '--decrypt', '--extract=["tssc-config"]["global-environment-defaults"]["DEV"]["kube-api-token"]', '--input-type=json', '/dev/stdin', _in=encrypted_config_json, _out=Any(StringIO), _err=Any(StringIO))
def test_push_container_signature_specify_podman_implementer_success( self, gpg_mock, podman_mock): """Test for signature signing success""" with TempDirectory() as temp_dir: config = TestStepImplementerSignContainerImagePodmanSign.generate_config( ) config_dict = config['tssc-config']['sign-container-image'][ 'config'] key = config_dict['container-image-signer-pgp-private-key'] image_name = TestStepImplementerSignContainerImagePodmanSign.generate_results( temp_dir) signature_dir = os.path.join(temp_dir.path, 'tssc-working', 'sign-container-image', 'image-signature', 'hello-node') signature_file = os.path.join(signature_dir, 'signature-1') temp_dir.makedir(signature_dir) temp_dir.write(signature_file, b'signature') gpg_mock.side_effect = TestStepImplementerSignContainerImagePodmanSign.gpg_side_effect fingerprint = 'DD7208BA0A6359F65B906B29CF4AC14A3D109637' expected_step_results = { 'tssc-results': { 'push-container-image': { 'container-image-tag': image_name }, 'sign-container-image': { 'container-image-signature-file-path': signature_file, 'container-image-signature-name': 'hello-node/signature-1', 'container-image-signature-private-key-fingerprint': fingerprint } } } self.run_step_test_with_result_validation(temp_dir, 'sign-container-image', config, expected_step_results) gpg_mock.assert_called_once_with('--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=key, _out=Any(IOBase), _err_to_out=True, _tee='out') podman_mock.image('sign', f'--sign-by={fingerprint}', f'--directory={signature_dir}', f'docker://{image_name}', _out=Any(IOBase), _err_to_out=True, _tee='out')
def test_run_step_pass(self, skopeo_mock): with TempDirectory() as temp_dir: parent_work_dir_path = os.path.join(temp_dir.path, 'working') image_tar_file = 'fake-image.tar' image_version = '1.0-69442c8' image_tag = f'fake-registry.xyz/fake-org/fake-app-fake-service:{image_version}' step_config = { 'destination-url': 'fake-registry.xyz', 'service-name': 'fake-service', 'application-name': 'fake-app', 'organization': 'fake-org', 'container-image-version': image_version, 'image-tar-file': image_tar_file } step_implementer = self.create_step_implementer( step_config=step_config, step_name='push-container-image', implementer='Skopeo', parent_work_dir_path=parent_work_dir_path, ) result = step_implementer._run_step() expected_step_result = StepResult( step_name='push-container-image', sub_step_name='Skopeo', sub_step_implementer_name='Skopeo') expected_step_result.add_artifact( name='container-image-registry-uri', value='fake-registry.xyz') expected_step_result.add_artifact( name='container-image-registry-organization', value='fake-org') expected_step_result.add_artifact( name='container-image-repository', value='fake-app-fake-service') expected_step_result.add_artifact(name='container-image-name', value='fake-app-fake-service') expected_step_result.add_artifact(name='container-image-version', value=image_version) expected_step_result.add_artifact( name='container-image-tag', value= 'fake-registry.xyz/fake-org/fake-app-fake-service:1.0-69442c8') self.assertEqual(result.get_step_result_dict(), expected_step_result.get_step_result_dict()) containers_config_auth_file = os.path.join(Path.home(), '.skopeo-auth.json') skopeo_mock.copy.assert_called_once_with( "--src-tls-verify=true", "--dest-tls-verify=true", f"--authfile={containers_config_auth_file}", f'docker-archive:{image_tar_file}', f'docker://{image_tag}', _out=Any(IOBase), _err=Any(IOBase), _tee='err')
def test_run_script_shell_argument(self, mock_open, redirect_callback_mock, npm_shell_command_mock): # When I use run_npm() to run 'command with:args' run_npm('/my/output/file', 'mycommand') # Then it should run a shell command, `npm command with:args` npm_shell_command_mock.assert_any_call('mycommand', _out=Any(StringIO), _err=Any(StringIO))
def test_run_script_shell_argument_env_vars(self, mock_open, redirect_callback_mock, npm_shell_command_mock): # When I use run_npm() to run 'command with:args with:envs' run_npm('/my/output/file', 'mycommand', { "KEY1": "VALUE1", "KEY2": "VALUE2" }) # Then it should run a shell command, `npm command with:args` npm_shell_command_mock.assert_any_call('mycommand', _out=Any(StringIO), _err=Any(StringIO), _env=Any(Dict))
def test_import_pgp_key_gpg_import_fail(self, gpg_mock): gpg_mock.side_effect = sh.ErrorReturnCode('gpg', b'mock stdout', b'mock error') pgp_private_key = TestImportPGPKey.TEST_FAKE_PRIVATE_KEY with self.assertRaisesRegex( RuntimeError, re.compile( r"Error importing pgp private key:" r".*RAN: gpg" r".*STDOUT:" r".*mock stdout" r".*STDERR:" r".*mock error", re.DOTALL)): import_pgp_key(pgp_private_key=pgp_private_key) gpg_mock.assert_called_once_with('--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=pgp_private_key, _out=Any(IOBase), _err_to_out=True, _tee='out')
def test___get_oscap_document_type_sds(self, oscap_mock): oscap_input_file = '/does/not/matter.xml' sh.oscap.info.side_effect = create_sh_side_effect(mock_stdout=""" Document type: Source Data Stream Imported: 2020-10-07T05:34:29 Stream: scap_org.open-scap_datastream_from_xccdf_com.redhat.rhsa-all.xml-xccdf12 Generated: (null) Version: 1.2 Checklists: Ref-Id: scap_org.open-scap_cref_com.redhat.rhsa-all.xml-xccdf12 Status: incomplete Resolved: true Profiles: Referenced check files: com.redhat.rhsa-all.xml system: http://oval.mitre.org/XMLSchema/oval-definitions-5 Checks: Ref-Id: scap_org.open-scap_cref_com.redhat.rhsa-all.xml No dictionaries.""") oscap_document_type = OpenSCAPGeneric._OpenSCAPGeneric__get_oscap_document_type( oscap_input_file=oscap_input_file) sh.oscap.info.assert_called_once_with(oscap_input_file, _out=Any(IOBase)) self.assertEqual(oscap_document_type, 'Source Data Stream')
def test___get_oscap_document_type_xccdf(self, oscap_mock): oscap_input_file = '/does/not/matter.xml' sh.oscap.info.side_effect = create_sh_side_effect(mock_stdout=""" Document type: XCCDF Checklist Checklist version: 1.1 Imported: 2020-02-11T13:41:07 Status: draft Generated: 2020-02-11 Resolved: true Profiles: Title: Protection Profile for General Purpose Operating Systems Id: ospp Title: PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8 Id: pci-dss Title: [DRAFT] DISA STIG for Red Hat Enterprise Linux 8 Id: stig Title: Australian Cyber Security Centre (ACSC) Essential Eight Id: e8 Referenced check files: ssg-rhel8-oval.xml system: http://oval.mitre.org/XMLSchema/oval-definitions-5 ssg-rhel8-ocil.xml system: http://scap.nist.gov/schema/ocil/2 https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml system: http://oval.mitre.org/XMLSchema/oval-definitions-5""") oscap_document_type = OpenSCAPGeneric._OpenSCAPGeneric__get_oscap_document_type( oscap_input_file=oscap_input_file) sh.oscap.info.assert_called_once_with(oscap_input_file, _out=Any(IOBase)) self.assertEqual(oscap_document_type, 'XCCDF Checklist')
def test___import_pgp_key_gpg_import_fail(self, gpg_mock): gpg_mock.side_effect = sh.ErrorReturnCode('gpg', b'mock stdout', b'mock error') pgp_private_key = TestStepImplementerSignContainerImagePodman.TEST_FAKE_PRIVATE_KEY with self.assertRaisesRegex( StepRunnerException, re.compile( r"Error importing pgp private key:" r".*RAN: gpg" r".*STDOUT:" r".*mock stdout" r".*STDERR:" r".*mock error", re.DOTALL)): PodmanSign._PodmanSign__import_pgp_key( pgp_private_key=pgp_private_key) gpg_mock.assert_called_once_with('--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=pgp_private_key, _out=Any(IOBase), _err_to_out=True, _tee='out')
def test___sign_image_podman_image_sign_to_many_sigs(self, podman_mock): with TempDirectory() as temp_dir: pgp_private_key_fingerprint = 'abc123' image_signatures_directory = os.path.join(temp_dir.path, 'signatures') container_image_tag = 'does/not/matter:v0.42.0' podman_mock.image.side_effect = TestStepImplementerSignContainerImagePodman.\ create_podman_image_sign_side_effect(num_signatures=2) with self.assertRaisesRegex( StepRunnerException, re.compile( r"Unexpected number of signature files, expected 1: \['.*', '.*'\]", re.DOTALL ) ): PodmanSign._PodmanSign__sign_image( pgp_private_key_fingerprint=pgp_private_key_fingerprint, image_signatures_directory=image_signatures_directory, container_image_tag=container_image_tag ) podman_mock.image.assert_called_once_with( 'sign', f'--sign-by={pgp_private_key_fingerprint}', f'--directory={image_signatures_directory}', f'docker://{container_image_tag}', _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test___sign_image_podman_image_sign_fail(self, podman_mock): with TempDirectory() as temp_dir: pgp_private_key_fingerprint = 'abc123' image_signatures_directory = os.path.join(temp_dir.path, 'signatures') container_image_tag = 'does/not/matter:v0.42.0' podman_mock.image.side_effect = sh.ErrorReturnCode('podman', b'mock stdout', b'mock error signing image') with self.assertRaisesRegex( StepRunnerException, re.compile( rf"Error signing image \({container_image_tag}\):" r".*RAN: podman" r".*STDOUT:" r".*mock stdout" r".*STDERR:" r".*mock error signing image", re.DOTALL ) ): PodmanSign._PodmanSign__sign_image( pgp_private_key_fingerprint=pgp_private_key_fingerprint, image_signatures_directory=image_signatures_directory, container_image_tag=container_image_tag ) podman_mock.image.assert_called_once_with( 'sign', f'--sign-by={pgp_private_key_fingerprint}', f'--directory={image_signatures_directory}', f'docker://{container_image_tag}', _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test_audit_attestation_pass(self, audit_results_mock): step_config = { 'workflow-policy-uri': "https://foo.bar" } step_implementer = self.create_step_implementer( step_config=step_config ) audit_results_mock.return_value = "pass" workflow_attestation_file_path = "workflow_attestation_file_path" workflow_policy_file_path = "workflow_policy_file_path" workflow_policy_query = "fooquery" step_implementer._OpenPolicyAgent__audit_attestation( workflow_attestation_file_path = "workflow_attestation_file_path", workflow_policy_file_path = "workflow_policy_file_path", workflow_policy_query = "fooquery" ) audit_results_mock.assert_called_once_with( 'eval', '--fail-defined', '-d', workflow_attestation_file_path, '-i', workflow_policy_file_path, workflow_policy_query, _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test___import_pgp_key_fail_get_fingerprint(self, gpg_mock): pgp_private_key=TestStepImplementerSignContainerImagePodman.TEST_FAKE_PRIVATE_KEY with self.assertRaisesRegex( StepRunnerException, re.compile( r"Error getting PGP fingerprint for PGP key" r" to sign container image\(s\) with. See stdout and stderr for more info.", re.DOTALL ) ): PodmanSign._PodmanSign__import_pgp_key( pgp_private_key=pgp_private_key ) gpg_mock.assert_called_once_with( '--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=pgp_private_key, _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test___buildah_import_image_from_tar_success(self, buildah_mock): image_tar_file = "/does/not/matter.tar" container_name = "test" OpenSCAPGeneric._OpenSCAPGeneric__buildah_import_image_from_tar( image_tar_file=image_tar_file, container_name=container_name) buildah_mock.assert_called_once_with( 'from', '--storage-driver', 'vfs', '--name', container_name, f"docker-archive:{image_tar_file}", _out=Any(IOBase), _err=Any(IOBase), _tee='err')
def test_success_with_report_dir_deployed_host_urls_not_list( self, mock_gather_evidence, mock_write_working_file, mock_run_npm_step ): with TempDirectory() as test_dir: # setup test parent_work_dir_path = os.path.join(test_dir.path, 'working') step_config = { 'deployed-host-urls': 'https://mock.ploigos.org/mock-app-1', 'npm-envs': { 'VAR1': 'VAL1', 'VAR2': 'VAL2' }, 'test-reports-dir': '/mock/test-results-dir', "target-host-env-var-name": "APP_ROUTE" } step_implementer = self.create_step_implementer( step_config=step_config, parent_work_dir_path=parent_work_dir_path, ) # run test actual_step_result = step_implementer._run_step() # verify results expected_step_result = StepResult( step_name='unit-test', sub_step_name='NpmXunitIntegrationTest', sub_step_implementer_name='NpmXunitIntegrationTest' ) expected_step_result.add_artifact( description="Standard out and standard error from npm.", name='npm-output', value='/mock/npm_output.txt' ) expected_step_result.add_artifact( description="Test report generated when running tests.", name='test-report', value='/mock/test-results-dir' ) self.assertEqual(actual_step_result, expected_step_result) mock_run_npm_step.assert_called_once_with( npm_output_file_path='/mock/npm_output.txt', step_implementer_additional_envs={ 'APP_ROUTE': 'https://mock.ploigos.org/mock-app-1'} ) mock_gather_evidence.assert_called_once_with( step_result=Any(StepResult), test_report_dirs='/mock/test-results-dir' ) self.assertEqual(step_implementer.npm_args, ['run', 'test:uat'])
def test_run_shell_command(self, os_path_exists_mock, tox_shell_command_mock): # Given a working directory with TempDirectory() as temp_dir: working_dir_path = os.path.join(temp_dir.path, 'working') # Given an ToxTest step implementer tox_test = self.create_given_step_implementer(ToxTest, parent_work_dir_path=working_dir_path) # When I run the step tox_test.run_step() # Then it should run a shell command, 'tox test' tox_shell_command_mock.assert_any_call( ('-q', '-e', 'test',), _out=Any(StringIO), _err=Any(StringIO) )
def test_run_shell_command(self, os_path_exists_mock, npm_shell_command_mock): # Given a working directory with TempDirectory() as temp_dir: working_dir_path = os.path.join(temp_dir.path, 'working') # Given an NpmPackage step implementer npm_test = self.create_given_step_implementer( NpmPackage, parent_work_dir_path=working_dir_path) # When I run the step npm_test.run_step() # Then it should run a shell command, 'npm test' npm_shell_command_mock.assert_any_call('install', _out=Any(StringIO), _err=Any(StringIO))
def test_run_step_pass_nofips(self, curl_mock): with TempDirectory() as temp_dir: work_dir_path = os.path.join(temp_dir.path, 'working') signature_file_path = 'signature-1' temp_dir.write(signature_file_path, b'bogus signature') container_image_signature_file_path = os.path.join(temp_dir.path, signature_file_path) container_image_signature_name = 'jkeam/hello-node@sha256=2cbdb73c9177e63e85d267f738e' \ '99e368db3f806eab4c541f5c6b719e69f1a2b/signature-1' step_config = { 'container-image-signature-server-url': 'https://sigserver/signatures', 'container-image-signature-server-username': '******', 'container-image-signature-server-password': '******', 'with-fips': False } # Previous (fake) results artifact_config = { 'container-image-signature-file-path': {'value': container_image_signature_file_path}, 'container-image-signature-name': {'value': container_image_signature_name}, } workflow_result = self.setup_previous_result(work_dir_path, artifact_config) # Actual results step_implementer = self.create_step_implementer( step_config=step_config, step_name='sign-container-image', implementer='CurlPush', workflow_result=workflow_result, work_dir_path=work_dir_path ) result = step_implementer._run_step() # # Expected results expected_step_result = StepResult(step_name='sign-container-image', sub_step_name='CurlPush', sub_step_implementer_name='CurlPush') expected_step_result.add_artifact(name='container-image-signature-url', value=f'https://sigserver/signatures/{container_image_signature_name}') expected_step_result.add_artifact(name='container-image-signature-file-sha1', value='d9ba1fc747829392883c48adfe4bb688239dc8b2') expected_step_result.add_artifact(name='container-image-signature-file-md5', value='b66c5c3d4ab37a50e69a05d72ba302fa') self.assertEqual(expected_step_result.get_step_result_dict(), result.get_step_result_dict()) curl_mock.assert_called_once_with( '-sSfv', '-X', 'PUT', '--user', "admin:adminPassword", '--upload-file', container_image_signature_file_path, '--header', StringRegexParam(r'X-Checksum-Sha1:.+'), '--header', StringRegexParam(r'X-Checksum-MD5:.+'), f"https://sigserver/signatures/{container_image_signature_name}", _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test_upload_to_rekor(self, rekor_mock, create_mock): with TempDirectory() as temp_dir: parent_work_dir_path = os.path.join(temp_dir.path, 'working') signer_pgp_public_key_path = os.path.join( os.path.dirname(__file__), '../../helpers', 'files', 'ploigos-step-runner-tests-public.key') step_config = { 'rekor-server-url': self.TEST_REKOR_SERVER_URL, 'signer-pgp-private-key': self.TEST_PGP_SIGNER_PRIVATE_KEY } step_implementer = self.create_step_implementer( step_config=step_config, parent_work_dir_path=parent_work_dir_path, artifact_to_sign_uri_config_key=self.TEST_ARTIFACT_TO_SIGN_URI) artifact_data_file = os.path.join(parent_work_dir_path, 'automated-governance', 'automated-governance.json') artifact_data_file_path = Path(artifact_data_file) WorkflowResult().write_results_to_json_file( artifact_data_file_path) rekor_entry_path_name = os.path.join(parent_work_dir_path, 'automated-governance', 'entry.json') def create_mock_side_effect(signer_pgp_public_key_path, signer_pgp_private_key_user, extra_data_file): return self.TEST_REKOR_ENTRY def rekor_mock_side_effect(*args, **kwargs): return 'Created entry at: ' + args[ 2] + '/api/v1/log/entries/' + self.TEST_REKOR_UUID create_mock.side_effect = create_mock_side_effect rekor_mock.side_effect = rekor_mock_side_effect rekor_entry_path = Path(rekor_entry_path_name) rekor_entry_path.touch() result_uuid = step_implementer._upload_to_rekor( rekor_server=self.TEST_REKOR_SERVER_URL, rekor_entry=self.TEST_REKOR_ENTRY) rekor_mock.assert_called_once_with('upload', '--rekor_server', self.TEST_REKOR_SERVER_URL, '--entry', rekor_entry_path_name, _out=Any(IOBase), _err_to_out=True, _tee='out') self.assertEqual(result_uuid, self.TEST_REKOR_UUID)
def test_fail_with_report_dir( self, mock_gather_evidence, mock_get_test_report_dir, mock_write_working_file, mock_run_maven_step ): with TempDirectory() as test_dir: # setup test parent_work_dir_path = os.path.join(test_dir.path, 'working') pom_file = os.path.join(test_dir.path, 'mock-pom.xml') step_config = { 'pom-file': pom_file } step_implementer = self.create_step_implementer( step_config=step_config, parent_work_dir_path=parent_work_dir_path, ) # setup mocks mock_run_maven_step.side_effect = StepRunnerException('mock error') # run test actual_step_result = step_implementer._run_step() # verify results expected_step_result = StepResult( step_name='unit-test', sub_step_name='MavenTest', sub_step_implementer_name='MavenTest' ) expected_step_result.success = False expected_step_result.message = "Error running maven. " \ "More details maybe found in report artifacts: " \ "mock error" expected_step_result.add_artifact( description="Standard out and standard error from maven.", name='maven-output', value='/mock/mvn_output.txt' ) expected_step_result.add_artifact( description="Test report generated when running unit tests.", name='test-report', value='/mock/test-results-dir' ) self.assertEqual(actual_step_result, expected_step_result) mock_run_maven_step.assert_called_once_with( mvn_output_file_path='/mock/mvn_output.txt' ) mock_gather_evidence.assert_called_once_with( step_result=Any(StepResult), test_report_dir='/mock/test-results-dir' )