def test_https_bad_uri(self):
    """A missing HTTPS resource must surface as a RuntimeError carrying the HTTP 404."""
    # NOTE(review): the URI points at a real host, so this presumably needs
    # outbound network access unless the downloader is stubbed elsewhere.
    missing_uri = "https://www.redhat.com/security/data/metrics/ds/v2/RHEL8/does-not-exist.ds.xml.bz2"
    expected_error = r"Error downloading file \(.+\): HTTP Error 404: Not Found"

    with TempDirectory() as scratch_dir, \
            self.assertRaisesRegex(RuntimeError, expected_error):
        download_source_to_destination(
            source_uri=missing_uri,
            destination_dir=scratch_dir.path
        )
def test_bad_protocol(self):
    """A source URI with an unknown scheme must be rejected with a ValueError."""
    unsupported_uri = "bad://www.redhat.com/security/data/metrics/ds/v2/RHEL8/rhel-8.ds.xml.bz2"

    # NOTE(review): the first `|` after `\(/` is not escaped, so this pattern
    # is an alternation. assertRaisesRegex searches, so the first branch alone
    # (everything up to "known protocol (/") satisfies it and the listed
    # schemes are never actually asserted. Confirm whether `\|` was intended.
    expected_error = (
        r"Unexpected error, should have been caught by step validation."
        r" Source \(.+\) must start with known protocol \(/|file://\|http://\|https://\)."
    )

    with TempDirectory() as scratch_dir, \
            self.assertRaisesRegex(ValueError, expected_error):
        download_source_to_destination(
            source_uri=unsupported_uri,
            destination_dir=scratch_dir.path
        )
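def _run_step(self):
    """Runs the step implemented by this StepImplementer.

    Downloads the workflow attestation ('evidence-uri') and the workflow
    policy ('workflow-policy-uri') into the step's working directory and
    audits the attestation against the policy. The step fails with an
    explicit message when either URI is missing.

    Returns
    -------
    StepResult
        Object containing the dictionary results of this step. The
        'audit-results' artifact holds the audit output; on a failed audit
        it holds the output of the detailed data query instead.
    """
    step_result = StepResult.from_step_implementer(self)
    work_dir = self.work_dir_path

    # Resolve both inputs before fetching anything, so that a missing policy
    # is reported the same way as missing evidence instead of reaching the
    # downloader as None.
    workflow_attestation_uri = self.get_value('evidence-uri')
    if workflow_attestation_uri is None:
        step_result.success = False
        step_result.message = 'No value found for evidence-uri'
        return step_result

    workflow_policy_uri = self.get_value('workflow-policy-uri')
    if workflow_policy_uri is None:
        step_result.success = False
        step_result.message = 'No value found for workflow-policy-uri'
        return step_result

    # NOTE(review): no integrity or origin check on the downloaded evidence
    # or policy is visible in this method; the audit verdict is only as
    # trustworthy as the locations these URIs point to. Confirm both are
    # restricted to trusted sources.
    workflow_attestation_file_path = download_source_to_destination(
        workflow_attestation_uri,
        work_dir
    )
    workflow_policy_file_path = download_source_to_destination(
        workflow_policy_uri,
        work_dir
    )

    audit_results, return_code = self.__audit_attestation(
        workflow_attestation_file_path,
        workflow_policy_file_path,
        self.DEFAULT_WORKFLOW_POLICY_QUERY
    )

    # NOTE(review): only return code 1 marks the audit as failed; every other
    # value, including any other non-zero code, is reported as "Audit was
    # successful". Confirm __audit_attestation cannot return another non-zero
    # code (for example on an evaluation error), otherwise this gate fails
    # open.
    if return_code == 1:
        step_result.success = False
        step_result.message = "Attestation error: " + audit_results

        # Run the data query as well so the stored artifact carries the
        # detailed report rather than the short result of the first query.
        detailed_report, _ = self.__audit_attestation(
            workflow_attestation_file_path,
            workflow_policy_file_path,
            self.DEFAULT_WORKFLOW_POLICY_DATA_QUERY
        )
        audit_results = detailed_report
    else:
        step_result.message = "Audit was successful"

    step_result.add_artifact(name='audit-results', value=audit_results)
    return step_result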
def test_https_xml(self):
    """An XML file fetched over HTTPS lands in the destination dir and is non-empty."""
    # NOTE(review): the URI points at a real host, so this presumably needs
    # outbound network access unless the downloader is stubbed elsewhere.
    remote_uri = "https://www.redhat.com/security/data/cvrf/2020/cvrf-rhba-2020-0017.xml"

    with TempDirectory() as test_dir:
        destination_path = download_source_to_destination(
            source_uri=remote_uri,
            destination_dir=test_dir.path
        )

        self.assertIsNotNone(destination_path)
        # The temp dir path is interpolated into the pattern as-is (not
        # regex-escaped), so this is a loose "ends with" check.
        expected_location = rf'{test_dir.path}/cvrf-rhba-2020-0017.xml$'
        self.assertRegex(destination_path, expected_location)

        with open(destination_path) as downloaded_file:
            downloaded_text = downloaded_file.read()
        self.assertTrue(downloaded_text)
def test_local_file_download_forward_slash_prefix(self):
    """A plain filesystem path is copied into the destination dir unchanged."""
    fixtures_dir = os.path.join(os.path.dirname(__file__), 'files')
    sample_file_path = os.path.join(fixtures_dir, 'cvrf-rhba-2020-0017.xml')

    with TempDirectory() as test_dir:
        destination_path = download_source_to_destination(
            source_uri=sample_file_path,
            destination_dir=test_dir.path
        )

        self.assertIsNotNone(destination_path)
        expected_location = rf'{test_dir.path}/cvrf-rhba-2020-0017.xml$'
        self.assertRegex(destination_path, expected_location)

        # Compare the copy against the fixture it was taken from.
        with open(destination_path) as downloaded_file:
            with open(sample_file_path) as sample_file:
                downloaded_file_contents = downloaded_file.read()
                self.assertTrue(downloaded_file_contents)
                self.assertEqual(downloaded_file_contents, sample_file.read())
def _run_step(self):
    """Runs the step implemented by this StepImplementer.

    Downloads the configured artifact, builds a Rekor entry for it from the
    signer's PGP key, uploads the entry to the configured Rekor server and
    records the entry, its UUID and its URI as step artifacts.

    Returns
    -------
    StepResult
        Object containing the dictionary results of this step.
    """
    result = StepResult.from_step_implementer(self)

    rekor_url = self.get_value('rekor-server-url')
    destination_dir = self.work_dir_path
    source_uri = self.get_value(self.artifact_to_sign_uri_config_key)

    # Fetch the artifact to be signed into the working directory; the
    # downloader hands back the local path as a string.
    local_artifact_path = download_source_to_destination(
        source_uri,
        destination_dir
    )

    # The private signing key comes from step configuration. Importing it
    # yields the fingerprint, which is then used to export the public half.
    # NOTE(review): where import_pgp_key stores the key is not visible here;
    # confirm the private key is neither logged nor left behind after the run.
    private_key = self.get_value('signer-pgp-private-key')
    key_fingerprint = import_pgp_key(pgp_private_key=private_key)
    public_key = export_pgp_public_key(key_fingerprint)

    entry = self._create_rekor_entry(
        public_key,
        key_fingerprint,
        local_artifact_path,
        source_uri
    )
    entry_uuid = self._upload_to_rekor(rekor_url, entry)

    result.add_artifact(name='rekor-entry', value=entry)
    result.add_artifact(name='rekor-uuid', value=entry_uuid)

    # Plain concatenation: a trailing slash on the configured server URL is
    # carried into the resulting entry URI unchanged.
    entry_uri = ''.join((rekor_url, '/api/v1/log/entries/', entry_uuid))
    result.add_artifact(name='rekor-entry-uri', value=entry_uri)

    return result