def generate_cot(context, path=None):
    """Build the chain of trust body, validate it, optionally sign it, and save it.

    Args:
        context (scriptworker.context.Context): the scriptworker context.
        path (str, optional): file to write the chain of trust artifact to.
            A falsy value selects ``artifact_dir/public/chainOfTrust.json.asc``.
            Defaults to None.

    Returns:
        str: the contents written to ``path``: the output of ``sign`` when
            ``sign_chain_of_trust`` is set, otherwise the formatted body.

    Raises:
        ScriptWorkerException: when the schema file cannot be opened or
            parsed. Schema violations are reported by ``validate_json_schema``.

    """
    cot = generate_cot_body(context)
    schema_path = context.config['cot_schema_path']
    try:
        with open(schema_path, "r") as schema_fh:
            cot_schema = json.load(schema_fh)
    except (IOError, ValueError) as exc:
        raise ScriptWorkerException("Can't read schema file {}: {}".format(
            schema_path, str(exc)))
    # Validate before formatting/signing so a malformed body is never signed.
    validate_json_schema(cot, cot_schema, name="chain of trust")
    cot = format_json(cot)
    if not path:
        path = os.path.join(context.config['artifact_dir'], "public",
                            "chainOfTrust.json.asc")
    if context.config['sign_chain_of_trust']:
        gpg = GPG(context)
        cot = sign(gpg, cot)
    # The file is written whether or not signing is enabled, so with
    # sign_chain_of_trust off the ".asc" file holds the unsigned body.
    # Consumers have to verify the signature, not rely on the file name.
    with open(path, "w") as out_fh:
        print(cot, file=out_fh, end="")
    return cot
def generate_cot(context, parent_path=None):
    """Build the chain of trust body, validate it, save it, and optionally sign it.

    Args:
        context (scriptworker.context.Context): the scriptworker context.
        parent_path (str, optional): directory that receives the chain of
            trust artifacts. A falsy value selects ``artifact_dir/public/``.
            Defaults to None.

    Returns:
        str: the formatted (unsigned) chain of trust body.

    Raises:
        ScriptWorkerException: passed to ``load_json_or_yaml`` as the
            exception type for a schema file that cannot be loaded. Schema
            violations are reported by ``validate_json_schema``.

    """
    cot = generate_cot_body(context)
    schema_path = context.config['cot_schema_path']
    # ``%(exc)s`` is left in the message for load_json_or_yaml to fill in.
    read_error = "Can't read schema file {}: %(exc)s".format(schema_path)
    cot_schema = load_json_or_yaml(
        schema_path,
        is_path=True,
        exception=ScriptWorkerException,
        message=read_error,
    )
    # Validate before writing/signing so a malformed body is never signed.
    validate_json_schema(cot, cot_schema, name="chain of trust")
    cot = format_json(cot)
    if not parent_path:
        parent_path = os.path.join(context.config['artifact_dir'], 'public')
    unsigned_path = os.path.join(parent_path, 'chain-of-trust.json')
    # The unsigned artifact is written first; if key loading or signing
    # raises below, it stays on disk without a ``.sig`` next to it.
    write_to_file(unsigned_path, cot)
    if context.config['sign_chain_of_trust']:
        signature_path = '{}.sig'.format(unsigned_path)
        # NOTE(review): the private key is read from a configured path;
        # confirm the file is readable only by the worker account.
        signing_key = ed25519_private_key_from_file(
            context.config['ed25519_private_key_path'])
        # Detached signature over the UTF-8 bytes of the formatted body.
        # NOTE(review): verification only succeeds if write_to_file stored
        # exactly these bytes -- confirm its encoding.
        detached_sig = signing_key.sign(cot.encode('utf-8'))
        write_to_file(signature_path, detached_sig, file_type='binary')
    # With signing disabled no ``.sig`` is produced; verifiers should treat
    # a missing signature as a failure, not as "nothing to check".
    return cot
def generate_cot(context, parent_path=None):
    """Build the chain of trust body, validate it, and write all artifacts.

    Three files can be produced under ``parent_path``:
    ``chain-of-trust.json`` (unsigned body), ``chain-of-trust.json.sig``
    (detached ed25519 signature, only when signing is enabled) and
    ``chainOfTrust.json.asc`` (GPG-signed body when signing is enabled).

    Args:
        context (scriptworker.context.Context): the scriptworker context.
        parent_path (str, optional): directory that receives the chain of
            trust artifacts. A falsy value selects ``artifact_dir/public/``.
            Defaults to None.

    Returns:
        str: the contents written to ``chainOfTrust.json.asc``.

    Raises:
        ScriptWorkerException: passed to ``load_json_or_yaml`` as the
            exception type for a schema file that cannot be loaded. Schema
            violations are reported by ``validate_json_schema``.

    """
    cot = generate_cot_body(context)
    schema_path = context.config['cot_schema_path']
    # ``%(exc)s`` is left in the message for load_json_or_yaml to fill in.
    read_error = "Can't read schema file {}: %(exc)s".format(schema_path)
    cot_schema = load_json_or_yaml(
        schema_path,
        is_path=True,
        exception=ScriptWorkerException,
        message=read_error,
    )
    # Validate before writing/signing so a malformed body is never signed.
    validate_json_schema(cot, cot_schema, name="chain of trust")
    cot = format_json(cot)
    if not parent_path:
        parent_path = os.path.join(context.config['artifact_dir'], 'public')
    asc_path = os.path.join(parent_path, "chainOfTrust.json.asc")
    unsigned_path = os.path.join(parent_path, 'chain-of-trust.json')
    # The unsigned artifact is written first; if key loading or signing
    # raises below, it stays on disk without a ``.sig`` next to it.
    write_to_file(unsigned_path, cot)
    if context.config['sign_chain_of_trust']:
        signature_path = '{}.sig'.format(unsigned_path)
        # NOTE(review): the private key is read from a configured path;
        # confirm the file is readable only by the worker account.
        signing_key = ed25519_private_key_from_file(
            context.config['ed25519_private_key_path'])
        # The ed25519 signature covers the unsigned body, so it has to be
        # computed before ``cot`` is replaced by the GPG-signed text.
        detached_sig = signing_key.sign(cot.encode('utf-8'))
        write_to_file(signature_path, detached_sig, file_type='binary')
        gpg = GPG(context)
        cot = sign(gpg, cot)
    # NOTE(review): indentation was lost in this listing. The GPG step is
    # read as part of the signing branch and this write as unconditional,
    # which means the ".asc" file holds the unsigned body when signing is
    # disabled -- confirm against the repository.
    write_to_file(asc_path, cot)
    return cot
def create_cot_config(context, cot_config_path=None):
    """Load the Chain of Trust config, validate it against its schema, and freeze it.

    Args:
        context (scriptworker.context.Context): the scriptworker context.
        cot_config_path (str, optional): file to read the config from. A
            falsy value selects ``context.config['cot_config_path']``.
            Defaults to None.

    Returns:
        frozendict: the Chain of Trust config.

    Raises:
        SystemExit: on failure.
            NOTE(review): the schema file is opened and parsed here without
            a handler, so a missing or malformed schema surfaces as the
            underlying I/O or JSON error -- confirm that is intended.

    """
    if not cot_config_path:
        cot_config_path = context.config['cot_config_path']
    raw_config = _get_json_from_mandatory_file(cot_config_path, "create_cot_config")
    with open(context.config['cot_config_schema_path'], "r") as schema_fh:
        config_schema = json.load(schema_fh)
    # Reject a config that does not match the schema before it is used.
    validate_json_schema(raw_config, config_schema, name="cot_config")
    # Freeze the values, then the mapping itself, before handing it out.
    freeze_values(raw_config)
    return frozendict(raw_config)
def test_invalid_task(schema):
    """A task nested under an unexpected key must be rejected by the schema."""
    with open(BASIC_TASK, "r") as task_fh:
        basic_task = json.load(task_fh)
    # Wrapping the task changes its top-level shape, so validation must fail.
    wrapped = {"foo": basic_task}
    with pytest.raises(ScriptWorkerTaskException):
        client.validate_json_schema(wrapped, schema)
def test_validate_task(schema):
    """The basic task fixture must pass schema validation without raising."""
    with open(BASIC_TASK, "r") as task_fh:
        basic_task = json.load(task_fh)
    # No assertion needed: the call raises if the task does not validate.
    client.validate_json_schema(basic_task, schema)
def test_invalid_task(schema):
    """A task nested under an unexpected key must be rejected by the schema."""
    with open(BASIC_TASK, "r") as task_fh:
        basic_task = json.load(task_fh)
    # Wrapping the task changes its top-level shape, so validation must fail.
    wrapped = {'foo': basic_task}
    with pytest.raises(ScriptWorkerTaskException):
        client.validate_json_schema(wrapped, schema)