def test_sign_container_images_no_signatures(
    mock_quay_client,
    mock_construct_claim_msgs,
    mock_remove_duplicate_claim_msgs,
    mock_filter_claim_msgs,
    mock_get_radas_signatures,
    mock_validate_radas_msgs,
    mock_upload_signatures_to_pyxis,
    target_settings,
    container_signing_push_item,
    container_multiarch_push_item,
):
    """Nothing is requested or uploaded when filtering leaves no claim messages.

    Two push items are signed; the patched construct step yields two messages
    per item, the patched de-duplication step returns all four, and the
    patched filter step returns an empty list. The mocks for fetching RADAS
    signatures, validating them and uploading to Pyxis must stay untouched.

    NOTE(review): the mock_* parameters are presumably injected by
    @mock.patch decorators or fixtures outside this span -- confirm.
    """
    # A tuple keeps the expected values immutable; every use below gets its
    # own fresh list, so in-place changes by the code under test cannot leak
    # into the expectations.
    merged_msgs = ("msg1", "msg2", "msg3", "msg4")

    fake_hub = mock.MagicMock()
    mock_construct_claim_msgs.side_effect = [["msg1", "msg2"], ["msg3", "msg4"]]
    mock_remove_duplicate_claim_msgs.return_value = list(merged_msgs)
    mock_filter_claim_msgs.return_value = []

    handler = signature_handler.ContainerSignatureHandler(
        fake_hub, "1", target_settings, "some-target"
    )
    push_items = [container_signing_push_item, container_multiarch_push_item]
    handler.sign_container_images(push_items)

    # One construct call per push item.
    assert mock_construct_claim_msgs.call_count == 2
    mock_remove_duplicate_claim_msgs.assert_called_once_with(list(merged_msgs))
    mock_filter_claim_msgs.assert_called_once_with(list(merged_msgs))

    # With nothing left to sign, the rest of the pipeline must not run.
    for skipped_step in (
        mock_get_radas_signatures,
        mock_validate_radas_msgs,
        mock_upload_signatures_to_pyxis,
    ):
        skipped_step.assert_not_called()
def test_remove_duplicate_claim_messages(
    mock_quay_client, target_settings, container_signing_push_item
):
    """Claim messages that differ only in ``request_id`` collapse to the first.

    Both inputs carry the same key id, manifest digest, repo and docker
    reference; only ``request_id`` differs ("0" vs "1"). The handler is
    expected to return just the first message.
    """
    fake_hub = mock.MagicMock()
    handler = signature_handler.ContainerSignatureHandler(
        fake_hub, "1", target_settings, "some-target"
    )

    first_claim = {
        "sig_key_id": "some-key",
        "claim_file": "some-encode",
        "pub_task_id": "1",
        "request_id": "0",
        "manifest_digest": "sha256:8a3a33cad0bd33650ba7287a7ec94327d8e47ddf7845c569c80b5c4b20d49d36",
        "repo": "some-namespace/target----repo1",
        "image_name": "target/repo1",
        "docker_reference": "some-registry1.com/target/repo1:tag1",
        "created": "2021-03-19T14:45:23.128632Z",
    }
    # Separate dict object, identical content apart from the request id.
    second_claim = dict(first_claim, request_id="1")
    messages = [first_claim, second_claim]

    deduplicated = handler.remove_duplicate_claim_messages(messages)

    assert deduplicated == [messages[0]]
def test_construct_item_claim_messages_ml(
    mock_quay_client,
    mock_get_tagged_digests,
    mock_uuid,
    mock_datetime,
    mock_encode,
    target_settings,
    container_signing_push_item_ml,
):
    """Claim messages for a manifest-list push item match the stored fixture.

    UUID generation, the timestamp and the claim encoding are all mocked so
    the output is deterministic and can be compared against
    ``tests/test_data/test_expected_claim_messages.json``. The digest lookup
    is expected to be made once, for the manifest list media type.
    """
    manifest_list_type = "application/vnd.docker.distribution.manifest.list.v2+json"

    fake_hub = mock.MagicMock()
    # Deterministic stand-ins for the values that would otherwise vary per run.
    mock_uuid.side_effect = range(100)
    mock_encode.return_value = b"some-encode"
    mock_datetime.utcnow.return_value.isoformat.return_value = (
        "2021-03-19T14:45:23.128632"
    )
    mock_get_tagged_digests.return_value = [
        "sha256:8a3a33cad0bd33650ba7287a7ec94327d8e47ddf7845c569c80b5c4b20d49d36",
        "sha256:2e8f38a0a8d2a450598430fa70c7f0b53aeec991e76c3e29c63add599b4ef7ee",
    ]
    mock_quay_client.MANIFEST_LIST_TYPE = manifest_list_type

    handler = signature_handler.ContainerSignatureHandler(
        fake_hub, "1", target_settings, "some-target"
    )
    produced = handler.construct_item_claim_messages(container_signing_push_item_ml)

    # Path is relative, so the test relies on the working directory it runs in.
    with open("tests/test_data/test_expected_claim_messages.json", "r") as fixture:
        expected = json.load(fixture)

    assert produced == expected
    mock_get_tagged_digests.assert_called_once_with(
        "some-registry/src/repo:1", manifest_list_type
    )
    # NOTE(review): presumably one generated request id per expected claim
    # message -- confirm against the fixture file.
    assert mock_uuid.call_count == 12
def test_construct_item_claim_messages_none_signing_key(
    mock_quay_client,
    target_settings,
    container_signing_push_item,
):
    """A push item whose ``claims_signing_key`` is None yields no claim messages.

    NOTE(review): this only pins the empty result, which means the item ends
    up without a signature request. Whether the handler logs or otherwise
    reports the skipped item is not checked here.
    """
    fake_hub = mock.MagicMock()
    handler = signature_handler.ContainerSignatureHandler(
        fake_hub, "1", target_settings, "some-target"
    )

    # The fixture object itself is modified; no copy is taken.
    container_signing_push_item.claims_signing_key = None

    produced = handler.construct_item_claim_messages(container_signing_push_item)

    assert produced == []
def test_sign_container_images_not_allowed(
    mock_quay_client,
    mock_construct_claim_msgs,
    mock_filter_claim_msgs,
    mock_get_radas_signatures,
    mock_validate_radas_msgs,
    mock_upload_signatures_to_pyxis,
    target_settings,
    container_signing_push_item,
):
    """With ``docker_container_signing_enabled`` False, no signing step runs.

    None of the patched steps (construct, filter, RADAS request, validation,
    Pyxis upload) may be called once the target settings disable signing.
    """
    fake_hub = mock.MagicMock()
    # Flip the switch before the handler is built from these settings.
    docker_settings = target_settings["docker_settings"]
    docker_settings["docker_container_signing_enabled"] = False

    handler = signature_handler.ContainerSignatureHandler(
        fake_hub, "1", target_settings, "some-target"
    )
    handler.sign_container_images([container_signing_push_item])

    for skipped_step in (
        mock_construct_claim_msgs,
        mock_filter_claim_msgs,
        mock_get_radas_signatures,
        mock_validate_radas_msgs,
        mock_upload_signatures_to_pyxis,
    ):
        skipped_step.assert_not_called()
def test_sign_container_images_new_digests_nothing_to_sign(
    mock_quay_client,
    mock_construct_claim_msgs,
    mock_filter_claim_msgs,
    mock_get_radas_signatures,
    mock_validate_radas_msgs,
    mock_upload_signatures_to_pyxis,
    target_settings,
    container_signing_push_item,
):
    """An empty input to ``sign_container_images_new_digests`` returns ``[]``.

    The patched filter step is still called exactly once (and returns an
    empty list), while the construct, RADAS request, validation and Pyxis
    upload mocks must not be called.
    """
    fake_hub = mock.MagicMock()
    mock_filter_claim_msgs.return_value = []

    handler = signature_handler.ContainerSignatureHandler(
        fake_hub, "1", target_settings, "some-target"
    )
    outcome = handler.sign_container_images_new_digests([])

    mock_construct_claim_msgs.assert_not_called()
    # Filtering runs even though there was nothing to construct.
    mock_filter_claim_msgs.assert_called_once()
    for skipped_step in (
        mock_get_radas_signatures,
        mock_validate_radas_msgs,
        mock_upload_signatures_to_pyxis,
    ):
        skipped_step.assert_not_called()
    assert outcome == []