def test_construct_operator_item_claim_messages(
    mock_quay_client,
    mock_uuid,
    mock_datetime,
    mock_encode,
    target_settings,
    operator_signing_push_item,
    signing_manifest_list_data,
):
    """Compare generated index-image claim messages with the stored JSON fixture.

    The uuid, datetime and encode mocks are pinned to fixed values so the
    messages are reproducible and can be compared byte-for-byte with
    tests/test_data/test_expected_operator_claim_messages.json.
    """
    # Freeze every non-deterministic input that ends up in a claim message.
    mock_uuid.side_effect = range(100)
    mock_datetime.utcnow.return_value.isoformat.return_value = "2021-03-19T14:45:23.128632"
    mock_encode.return_value = b"some-encode"

    # The Quay client mock hands back the manifest-list fixture.
    get_manifest = mock.MagicMock(return_value=signing_manifest_list_data)
    mock_quay_client.return_value.get_manifest = get_manifest

    handler = signature_handler.OperatorSignatureHandler(
        mock.MagicMock(), "1", target_settings, "some-target"
    )
    actual_messages = handler.construct_index_image_claim_messages(
        operator_signing_push_item, ["v4.5"], ["key1", "key2"]
    )

    with open("tests/test_data/test_expected_operator_claim_messages.json", "r") as fixture:
        wanted_messages = json.load(fixture)

    assert actual_messages == wanted_messages
    # The manifest is fetched exactly once, and eight uuid values are consumed
    # for one tag and two signing keys.
    get_manifest.assert_called_once()
    assert mock_uuid.call_count == 8
def test_sign_task_index_image(
    mock_quay_client,
    mock_construct_index_claim_msgs,
    mock_get_radas_signatures,
    mock_validate_radas_msgs,
    mock_upload_signatures_to_pyxis,
    target_settings,
):
    """Check the signing flow of sign_task_index_image for one index image.

    Claim messages are constructed, signatures are requested for them, the
    signatures are validated against the messages, and the result is uploaded.
    The claim messages are also returned to the caller.
    """
    mock_get_radas_signatures.return_value = ["sig1", "sig2"]
    mock_construct_index_claim_msgs.return_value = ["msg1", "msg2"]
    fake_hub = mock.MagicMock()
    # NOTE(review): build_details is never read in this test.
    build_details = IIBRes(
        "registry1/namespace/image:1",
        "registry1/iib-namespace/image@sha256:a1a1a1",
        ["1-1"],
    )

    handler = signature_handler.OperatorSignatureHandler(
        fake_hub, "1", target_settings, "some-target"
    )
    returned_claims = handler.sign_task_index_image(
        ["some-key"], "registry1/namespace/image:1", ["3", "3-stamp"]
    )

    # Image reference, tags and keys are forwarded to the claim-message constructor.
    mock_construct_index_claim_msgs.assert_called_once_with(
        "registry1/namespace/image:1", ["3", "3-stamp"], ["some-key"]
    )
    mock_get_radas_signatures.assert_called_once_with(["msg1", "msg2"])
    # Validation has to see both the requests and the received signatures
    # before anything is uploaded.
    mock_validate_radas_msgs.assert_called_once_with(
        ["msg1", "msg2"], ["sig1", "sig2"]
    )
    mock_upload_signatures_to_pyxis.assert_called_once_with(
        ["msg1", "msg2"], ["sig1", "sig2"]
    )
    assert returned_claims == ["msg1", "msg2"]
def test_sign_operator_images_no_signatures(
    mock_quay_client,
    mock_construct_index_claim_msgs,
    mock_get_radas_signatures,
    mock_validate_radas_msgs,
    mock_upload_signatures_to_pyxis,
    target_settings,
):
    """Check that nothing is signed or uploaded when no claim messages exist.

    The claim-message constructor mock returns an empty list for an index image
    whose only signing key is None. The signature request, validation and
    upload steps must then all be skipped.
    """
    mock_construct_index_claim_msgs.return_value = []
    v45_result = IIBRes(
        "registry1/iib-namespace/image:v4.5",
        "registry1/iib-namespace/image@sha256:a1a1a1",
        ["v4.5-1"],
    )
    iib_results = {
        "v4.5": {"iib_result": v45_result, "signing_keys": [None]},
    }

    handler = signature_handler.OperatorSignatureHandler(
        mock.MagicMock(), "1", target_settings, "some-target"
    )
    handler.sign_operator_images(iib_results, "stamp")

    # The expected image reference presumably derives from the target_settings
    # fixture, which is not visible here.
    mock_construct_index_claim_msgs.assert_called_once_with(
        "quay.io/iib-namespace/iib:v4.5-1", ["v4.5", "v4.5-stamp"], [None]
    )
    for skipped_step in (
        mock_get_radas_signatures,
        mock_validate_radas_msgs,
        mock_upload_signatures_to_pyxis,
    ):
        skipped_step.assert_not_called()
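def test_sign_task_index_image(
    mock_quay_api_client,
    mock_quay_client,
    mock_construct_index_claim_msgs,
    mock_get_radas_signatures,
    mock_validate_radas_msgs,
    mock_upload_signatures_to_pyxis,
    target_settings,
):
    """Check the signing flow of sign_task_index_image for one index image.

    Claim messages are constructed from the image reference, tag and signing
    keys. Signatures are then requested for them, validated against the
    messages, and uploaded.

    The local IIBRes helper class and the build_details object were removed
    because the test never read either of them.
    """
    hub = mock.MagicMock()
    mock_construct_index_claim_msgs.return_value = ["msg1", "msg2"]
    mock_get_radas_signatures.return_value = ["sig1", "sig2"]

    sig_handler = signature_handler.OperatorSignatureHandler(
        hub, "1", target_settings, "some-target"
    )
    sig_handler.sign_task_index_image(["some-key"], "registry1/namespace/image:1", "3")

    mock_construct_index_claim_msgs.assert_called_once_with(
        "registry1/namespace/image:1", "3", ["some-key"]
    )
    mock_get_radas_signatures.assert_called_once_with(["msg1", "msg2"])
    # Validation receives both the requests and the signatures before upload.
    mock_validate_radas_msgs.assert_called_once_with(["msg1", "msg2"], ["sig1", "sig2"])
    # The meaning of the third argument (100) is not visible in this test;
    # it presumably comes from target_settings.
    mock_upload_signatures_to_pyxis.assert_called_once_with(
        ["msg1", "msg2"], ["sig1", "sig2"], 100
    )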
def test_sign_operator_images(
    mock_quay_client,
    mock_construct_index_claim_msgs,
    mock_get_radas_signatures,
    mock_validate_radas_msgs,
    mock_upload_signatures_to_pyxis,
    target_settings,
):
    """Check that sign_operator_images batches claim messages across index images.

    Two index images (v4.5 and v4.6) each yield two claim messages. The test
    expects a single signature request, a single validation and a single upload
    covering all four messages.
    """
    hub = mock.MagicMock()
    # One list of claim messages per index image, returned in call order.
    mock_construct_index_claim_msgs.side_effect = [["msg1", "msg2"], ["msg3", "msg4"]]
    mock_get_radas_signatures.return_value = ["sig1", "sig2", "sig3", "sig4"]
    iib_results = {
        "v4.5": {
            "iib_result": IIBRes(
                "registry1/iib-namespace/image:v4.5",
                "registry1/iib-namespace/image@sha256:a1a1a1",
                ["v4.5-1"],
            ),
            "signing_keys": ["key1"],
        },
        "v4.6": {
            "iib_result": IIBRes(
                "registry1/iib-namespace/image:v4.6",
                "registry1/iib-namespace/image@sha256:b2b2b2",
                ["v4.6-1"],
            ),
            "signing_keys": ["key2"],
        },
    }
    sig_handler = signature_handler.OperatorSignatureHandler(
        hub, "1", target_settings, "some-target")
    sig_handler.sign_operator_images(iib_results, "stamp-tag")
    assert mock_construct_index_claim_msgs.call_count == 2
    # NOTE(review): the next two statements are bare comparisons. Their result
    # is discarded, so they can never fail. Both also index call_args_list[0];
    # the second was presumably meant to be [1]. As written, this test does not
    # verify which image reference, tags or signing key reach the claim-message
    # constructor mock. Only the call count above is checked. Confirm the
    # expected arguments against the handler before turning these into
    # assertions.
    mock_construct_index_claim_msgs.call_args_list[0] == mock.call(
        "quay.io/iib-namespace/iib@sha256:a1a1a1", "v4.5", "v4.5-stamp-tag", ["key1"])
    mock_construct_index_claim_msgs.call_args_list[0] == mock.call(
        "quay.io/iib-namespace/iib@sha256:b2b2b2", "v4.6", "v4.6-stamp-tag", ["key2"])
    # Messages from both images are signed in one request.
    mock_get_radas_signatures.assert_called_once_with(
        ["msg1", "msg2", "msg3", "msg4"])
    # Validation sees every request paired with the received signatures.
    mock_validate_radas_msgs.assert_called_once_with(
        ["msg1", "msg2", "msg3", "msg4"], ["sig1", "sig2", "sig3", "sig4"])
    mock_upload_signatures_to_pyxis.assert_called_once_with(
        ["msg1", "msg2", "msg3", "msg4"], ["sig1", "sig2", "sig3", "sig4"])
def test_construct_operator_item_claim_messages_none_signing_key(
    mock_quay_client,
    target_settings,
    operator_signing_push_item,
    signing_manifest_list_data,
):
    """Check that a signing key of None produces no claim messages.

    This pins the behaviour that a None key makes the handler return an empty
    list instead of raising. No signature is requested for the image in that
    case.
    """
    manifest_lookup = mock.MagicMock(return_value=signing_manifest_list_data)
    mock_quay_client.return_value.get_manifest = manifest_lookup

    handler = signature_handler.OperatorSignatureHandler(
        mock.MagicMock(), "1", target_settings, "some-target"
    )
    produced = handler.construct_index_image_claim_messages(
        operator_signing_push_item, ["v4.5", "v4.5-stamp"], [None]
    )

    assert produced == []
def test_sign_operator_images_not_allowed(
    mock_quay_client,
    mock_construct_index_claim_msgs,
    mock_get_radas_signatures,
    mock_validate_radas_msgs,
    mock_upload_signatures_to_pyxis,
    target_settings,
):
    """Check that sign_operator_images does nothing when signing is disabled.

    With docker_container_signing_enabled set to False, no claim messages are
    built and no signature is requested, validated or uploaded. The call
    returns without raising, so images are left unsigned.
    """
    # Turn signing off in the settings handed to the handler.
    docker_settings = target_settings["docker_settings"]
    docker_settings["docker_container_signing_enabled"] = False

    handler = signature_handler.OperatorSignatureHandler(
        mock.MagicMock(), "1", target_settings, "some-target"
    )
    handler.sign_operator_images({"nothing": "here"}, "stamp-tag")

    for untouched_step in (
        mock_construct_index_claim_msgs,
        mock_get_radas_signatures,
        mock_validate_radas_msgs,
        mock_upload_signatures_to_pyxis,
    ):
        untouched_step.assert_not_called()
def test_sign_task_index_image_no_signatures(
    mock_quay_client,
    mock_construct_index_claim_msgs,
    mock_get_radas_signatures,
    mock_validate_radas_msgs,
    mock_upload_signatures_to_pyxis,
    target_settings,
):
    """Check that sign_task_index_image stops when there is nothing to sign.

    The claim-message constructor mock returns an empty list for a None signing
    key. The signature request, validation and upload steps must then all be
    skipped.
    """
    mock_construct_index_claim_msgs.return_value = []

    handler = signature_handler.OperatorSignatureHandler(
        mock.MagicMock(), "1", target_settings, "some-target"
    )
    handler.sign_task_index_image(
        [None], "registry1/namespace/image:1", ["3", "3-stamp"]
    )

    mock_construct_index_claim_msgs.assert_called_once_with(
        "registry1/namespace/image:1", ["3", "3-stamp"], [None]
    )
    for skipped_step in (
        mock_get_radas_signatures,
        mock_validate_radas_msgs,
        mock_upload_signatures_to_pyxis,
    ):
        skipped_step.assert_not_called()
def test_sign_operator_images(
    mock_quay_api_client,
    mock_quay_client,
    mock_construct_index_claim_msgs,
    mock_get_radas_signatures,
    mock_validate_radas_msgs,
    mock_upload_signatures_to_pyxis,
    target_settings,
):
    """Check that sign_operator_images batches claim messages across index images.

    Two index images each yield two claim messages. The test expects one
    signature request, one validation and one upload covering all four.
    Only the number of claim-message constructor calls is checked, not their
    arguments.
    """

    class IIBRes:
        """Minimal stand-in exposing only index_image_resolved."""

        def __init__(self, index_image_resolved):
            self.index_image_resolved = index_image_resolved

    fake_hub = mock.MagicMock()
    # One list of claim messages per index image, returned in call order.
    mock_construct_index_claim_msgs.side_effect = [["msg1", "msg2"], ["msg3", "msg4"]]
    mock_get_radas_signatures.return_value = ["sig1", "sig2", "sig3", "sig4"]

    iib_results = {
        "v4.5": {
            "iib_result": IIBRes("registry1/namespace/image:1"),
            "signing_keys": ["key1"],
        },
        "v4.6": {
            "iib_result": IIBRes("registry1/namespace/image:2"),
            "signing_keys": ["key2"],
        },
    }

    handler = signature_handler.OperatorSignatureHandler(fake_hub, "1", target_settings)
    handler.sign_operator_images(iib_results)

    assert mock_construct_index_claim_msgs.call_count == 2
    mock_get_radas_signatures.assert_called_once_with(
        ["msg1", "msg2", "msg3", "msg4"]
    )
    # Validation sees every request paired with the received signatures.
    mock_validate_radas_msgs.assert_called_once_with(
        ["msg1", "msg2", "msg3", "msg4"], ["sig1", "sig2", "sig3", "sig4"]
    )
    # The meaning of the third argument (100) is not visible in this test.
    mock_upload_signatures_to_pyxis.assert_called_once_with(
        ["msg1", "msg2", "msg3", "msg4"], ["sig1", "sig2", "sig3", "sig4"], 100
    )