def setUp(self):
self.working_dir = tempfile.mkdtemp()
self.TEST_REPO_FILENAME = os.path.join(self.working_dir, 'TestRepolibFile.repo')
self.TEST_MIRROR_LIST_FILENAME = os.path.join(self.working_dir,
'TestRepolibFile.mirrorlist')
self.TEST_KEYS_DIR = os.path.join(self.working_dir, 'TestRepolibFile-keys')
self.TEST_CERT_DIR = os.path.join(self.working_dir, 'TestRepolibFile-certificates')
self._LOCK_FILE = os.path.join(self.working_dir, 'test_repolib_lock.pid')
self.LOCK = Lock(self._LOCK_FILE)
def delete_repo_file(repo_filename, lock=None):
"""
Delete the repo file.
@param repo_filename: full path to the location of the repo file which
will be deleted; if this file does not exist
this call has no effect
@type repo_filename: string
@param lock: if the default lock is unacceptable, it may be overridden in this variable
@type lock: L{Lock}
"""
if not lock:
lock = Lock(LOCK_FILE)
lock.acquire()
try:
repo_file = RepoFile(repo_filename)
repo_file.delete()
finally:
lock.release()
def delete_repo_file(repo_filename, lock=None):
"""
Delete the repo file.
@param repo_filename: full path to the location of the repo file which
will be deleted; if this file does not exist
this call has no effect
@type repo_filename: string
@param lock: if the default lock is unacceptable, it may be overridden in this variable
@type lock: L{Lock}
"""
if not lock:
lock = Lock(LOCK_FILE)
lock.acquire()
try:
repo_file = RepoFile(repo_filename)
repo_file.delete()
finally:
lock.release()
def bind(repo_filename,
mirror_list_filename,
keys_root_dir,
cert_root_dir,
repo_id,
repo_name,
url_list,
gpg_keys,
clientcert,
enabled,
lock=None,
verify_ssl=True,
ca_path=DEFAULT_CA_PATH):
"""
Uses the given data to safely bind a repo to a repo file. This call will
determine the best method for representing the repo given the data in the
repo object as well as the list of URLs where the repo can be found.
The default lock is defined at the module level and is
used to ensure that concurrent access to the give files is prevented. Specific
locks can be passed in for testing purposes to circumvent the default
location of the lock which requires root access.
:param repo_filename: full path to the location of the repo file in which
the repo will be bound; this file does not need to
exist prior to this call
:type repo_filename: string
:param mirror_list_filename: full path to the location of the mirror list file
that should be written for the given repo if
necessary; this should be unique for the given repo
:type mirror_list_filename: string
:param keys_root_dir: absolute path to the root directory in which the keys for
all repos will be stored
:type keys_root_dir: string
:param cert_root_dir: absolute path to the root directory in which the certs for
all repos will be stored
:type cert_root_dir: string
:param repo_id: uniquely identifies the repo being updated
:type repo_id: string
:param repo_name: the repo name
:type repo_name: str
:param url_list: list of URLs that will be used to access the repo; this call
will determine the best way to represent the URL list in
the repo definition
:type url_list: list of strings
:param gpg_keys: mapping of key name to contents for GPG keys to be used when
verifying packages from this repo
:type gpg_keys: dict {string: string}
:param clientcert: The client certificate (PEM).
:type clientcert: str
:param lock: if the default lock is unacceptble, it may be overridden in this
variable
:type lock: L{Lock}
:param verify_ssl: Whether the repo file should be configured to validate CA trust.
Defaults to True.
:type verify_ssl: bool
:param ca_path: Absolute path to a directory that contains trusted CA certificates.
Defaults to pulp.bindings.server.DEFAULT_CA_PATH.
:type ca_path: basestring
"""
if not lock:
lock = Lock(LOCK_FILE)
lock.acquire()
try:
log.info('Binding repo [%s]' % repo_id)
repo_file = RepoFile(repo_filename)
repo_file.load()
# In the case of an update, only the changed values will have been sent.
# Therefore, any of the major data components (repo data, url list, keys)
# may be None.
if repo_name is not None:
repo = _convert_repo(repo_id, enabled, repo_name)
else:
repo = repo_file.get_repo(repo_id)
if gpg_keys is not None:
_handle_gpg_keys(repo, gpg_keys, keys_root_dir)
_handle_client_cert(repo, cert_root_dir, clientcert)
if verify_ssl:
repo['sslverify'] = '1'
repo['sslcacert'] = ca_path
else:
repo['sslverify'] = '0'
if url_list is not None:
_handle_host_urls(repo, url_list, mirror_list_filename)
if repo_file.get_repo(repo.id):
log.info('Updating existing repo [%s]' % repo.id)
repo_file.update_repo(repo)
else:
log.info('Adding new repo [%s]' % repo.id)
repo_file.add_repo(repo)
repo_file.save()
finally:
lock.release()
def unbind(repo_filename, mirror_list_filename, keys_root_dir, cert_root_dir, repo_id, lock=None):
"""
Removes the repo identified by repo_id from the given repo file. If the repo is
not bound, this call has no effect. If the mirror list file exists, it will be
deleted.
The default lock is defined at the module level and is
used to ensure that concurrent access to the give files is prevented. Specific
locks can be passed in for testing purposes to circumvent the default
location of the lock which requires root access.
@param repo_filename: full path to the location of the repo file in which
the repo will be removed; if this file does not exist
this call has no effect
@type repo_filename: string
@param mirror_list_filename: full path to the location of the mirror list file
that may exist for the given repo; if the file does
not exist this field will be ignored
@type mirror_list_filename: string
@param keys_root_dir: absolute path to the root directory in which the keys for
all repos will be stored
@type keys_root_dir: string
@param cert_root_dir: absolute path to the root directory in which the certs for
all repos will be stored
@type cert_root_dir: string
@param repo_id: identifies the repo in the repo file to delete
@type repo_id: string
@param lock: if the default lock is unacceptable, it may be overridden in this variable
@type lock: L{Lock}
"""
if not lock:
lock = Lock(LOCK_FILE)
lock.acquire()
try:
log.info('Unbinding repo [%s]' % repo_id)
if not os.path.exists(repo_filename):
return
# Repo file changes
repo_file = RepoFile(repo_filename)
repo_file.load()
repo_file.remove_repo_by_name(repo_id) # will not throw an error if repo doesn't exist
repo_file.save()
# Mirror list removal
if os.path.exists(mirror_list_filename):
os.remove(mirror_list_filename)
# Keys removal
repo_keys = RepoKeyFiles(keys_root_dir, repo_id)
repo_keys.update_filesystem()
# cert removal
certificates = CertFiles(cert_root_dir, repo_id)
certificates.apply()
finally:
lock.release()
def bind(repo_filename,
mirror_list_filename,
keys_root_dir,
cert_root_dir,
repo_id,
repo_name,
url_list,
gpg_keys,
clientcert,
enabled,
lock=None,
verify_ssl=True,
ca_path=DEFAULT_CA_PATH):
"""
Uses the given data to safely bind a repo to a repo file. This call will
determine the best method for representing the repo given the data in the
repo object as well as the list of URLs where the repo can be found.
The default lock is defined at the module level and is
used to ensure that concurrent access to the give files is prevented. Specific
locks can be passed in for testing purposes to circumvent the default
location of the lock which requires root access.
:param repo_filename: full path to the location of the repo file in which
the repo will be bound; this file does not need to
exist prior to this call
:type repo_filename: string
:param mirror_list_filename: full path to the location of the mirror list file
that should be written for the given repo if
necessary; this should be unique for the given repo
:type mirror_list_filename: string
:param keys_root_dir: absolute path to the root directory in which the keys for
all repos will be stored
:type keys_root_dir: string
:param cert_root_dir: absolute path to the root directory in which the certs for
all repos will be stored
:type cert_root_dir: string
:param repo_id: uniquely identifies the repo being updated
:type repo_id: string
:param repo_name: the repo name
:type repo_name: str
:param url_list: list of URLs that will be used to access the repo; this call
will determine the best way to represent the URL list in
the repo definition
:type url_list: list of strings
:param gpg_keys: mapping of key name to contents for GPG keys to be used when
verifying packages from this repo
:type gpg_keys: dict {string: string}
:param clientcert: The client certificate (PEM).
:type clientcert: str
:param enabled: Whether or not the repository is set to 'enabled'
:type enabled: bool
:param lock: if the default lock is unacceptble, it may be overridden in this
variable
:type lock: L{Lock}
:param verify_ssl: Whether the repo file should be configured to validate CA trust.
Defaults to True.
:type verify_ssl: bool
:param ca_path: Absolute path to a directory that contains trusted CA certificates.
Defaults to pulp.bindings.server.DEFAULT_CA_PATH.
:type ca_path: basestring
"""
if not lock:
lock = Lock(LOCK_FILE)
lock.acquire()
try:
log.info('Binding repo [%s]' % repo_id)
repo_file = RepoFile(repo_filename)
repo_file.load()
# In the case of an update, only the changed values will have been sent.
# Therefore, any of the major data components (repo data, url list, keys)
# may be None.
repo = repo_file.get_repo(repo_id)
if not repo:
# if no repo name is provided for a new repo, use the id for the name
repo = Repo(repo_id)
if repo_name is None:
repo['name'] = repo_id
else:
repo['name'] = repo_name
repo['enabled'] = str(int(enabled))
if repo_name:
repo['name'] = repo_name
if gpg_keys is not None:
_handle_gpg_keys(repo, gpg_keys, keys_root_dir)
_handle_client_cert(repo, cert_root_dir, clientcert)
if verify_ssl:
repo['sslverify'] = '1'
repo['sslcacert'] = ca_path
else:
repo['sslverify'] = '0'
if url_list is not None:
_handle_host_urls(repo, url_list, mirror_list_filename)
if repo_file.get_repo(repo.id):
log.info('Updating existing repo [%s]' % repo.id)
repo_file.update_repo(repo)
else:
log.info('Adding new repo [%s]' % repo.id)
repo_file.add_repo(repo)
repo_file.save()
finally:
lock.release()
def unbind(repo_filename, mirror_list_filename, keys_root_dir, cert_root_dir, repo_id, lock=None):
"""
Removes the repo identified by repo_id from the given repo file. If the repo is
not bound, this call has no effect. If the mirror list file exists, it will be
deleted.
The default lock is defined at the module level and is
used to ensure that concurrent access to the give files is prevented. Specific
locks can be passed in for testing purposes to circumvent the default
location of the lock which requires root access.
@param repo_filename: full path to the location of the repo file in which
the repo will be removed; if this file does not exist
this call has no effect
@type repo_filename: string
@param mirror_list_filename: full path to the location of the mirror list file
that may exist for the given repo; if the file does
not exist this field will be ignored
@type mirror_list_filename: string
@param keys_root_dir: absolute path to the root directory in which the keys for
all repos will be stored
@type keys_root_dir: string
@param cert_root_dir: absolute path to the root directory in which the certs for
all repos will be stored
@type cert_root_dir: string
@param repo_id: identifies the repo in the repo file to delete
@type repo_id: string
@param lock: if the default lock is unacceptable, it may be overridden in this variable
@type lock: L{Lock}
"""
if not lock:
lock = Lock(LOCK_FILE)
lock.acquire()
try:
log.info('Unbinding repo [%s]' % repo_id)
if not os.path.exists(repo_filename):
return
# Repo file changes
repo_file = RepoFile(repo_filename)
repo_file.load()
repo_file.remove_repo_by_name(repo_id) # will not throw an error if repo doesn't exist
repo_file.save()
# Mirror list removal
if os.path.exists(mirror_list_filename):
os.remove(mirror_list_filename)
# Keys removal
repo_keys = RepoKeyFiles(keys_root_dir, repo_id)
repo_keys.update_filesystem()
# cert removal
certificates = CertFiles(cert_root_dir, repo_id)
certificates.apply()
finally:
lock.release()
TEST_REPO_FILENAME = '/tmp/TestRepolibFile.repo'
TEST_MIRROR_LIST_FILENAME = '/tmp/TestRepolibFile.mirrorlist'
TEST_KEYS_DIR = '/tmp/TestRepolibFile-keys'
TEST_CERT_DIR = '/tmp/TestRepolibFile-certificates'
CACERT = 'MY-CA-CERTIFICATE'
CLIENTCERT = 'MY-CLIENT-KEY-AND-CERTIFICATE'
REPO_ID = 'repo-1'
REPO_NAME = 'Repository 1'
ENABLED = True
# Lock that doesn't require root privileges
_LOCK_FILE = '/tmp/test_repolib_lock.pid'
LOCK = Lock(_LOCK_FILE)
class TestRepolib(unittest.TestCase):
def setUp(self):
# Clean up from any previous runs that may have exited abnormally
if os.path.exists(TEST_REPO_FILENAME):
os.remove(TEST_REPO_FILENAME)
if os.path.exists(TEST_MIRROR_LIST_FILENAME):
os.remove(TEST_MIRROR_LIST_FILENAME)
if os.path.exists(TEST_KEYS_DIR):
shutil.rmtree(TEST_KEYS_DIR)
if os.path.exists(TEST_CERT_DIR):