示例#1
def generate_cot(context, path=None):
    """Build, validate, optionally sign, and persist the chain of trust body.

    The artifact is written whether or not signing is enabled, so the
    ``.asc`` file name alone does not show that the contents are signed.

    Args:
        context (scriptworker.context.Context): the scriptworker context.
        path (str, optional): destination file for the chain of trust
            artifact.  A falsy value selects
            ``artifact_dir/public/chainOfTrust.json.asc``.  Defaults to None.

    Returns:
        str: the contents of the chain of trust artifact as written to disk.

    Raises:
        ScriptWorkerException: when the schema file cannot be read or parsed.
            NOTE(review): validate_json_schema presumably raises on a
            non-conforming body as well -- confirm against its definition.
    """
    cot = generate_cot_body(context)
    schema_path = context.config['cot_schema_path']
    try:
        with open(schema_path, "r") as schema_fh:
            schema = json.load(schema_fh)
    except (IOError, ValueError) as exc:
        raise ScriptWorkerException(
            "Can't read schema file {}: {}".format(schema_path, str(exc))
        )
    # Validation runs on the structured body, before it is serialized/signed.
    validate_json_schema(cot, schema, name="chain of trust")
    artifact_text = format_json(cot)
    if not path:
        path = os.path.join(
            context.config['artifact_dir'], "public", "chainOfTrust.json.asc"
        )
    if context.config['sign_chain_of_trust']:
        artifact_text = sign(GPG(context), artifact_text)
    with open(path, "w") as out_fh:
        # end="" keeps the file free of a trailing newline added by print().
        print(artifact_text, file=out_fh, end="")
    return artifact_text
示例#2
def generate_cot(context, parent_path=None):
    """Write the chain of trust body and, if enabled, its ed25519 signature.

    The formatted body goes to ``chain-of-trust.json``; when
    ``sign_chain_of_trust`` is set, a detached signature goes to
    ``chain-of-trust.json.sig`` next to it.

    Args:
        context (scriptworker.context.Context): the scriptworker context.
        parent_path (str, optional): directory that receives the chain of
            trust artifacts.  A falsy value selects ``artifact_dir/public/``.
            Defaults to None.

    Returns:
        str: the contents of the chain of trust artifact (the unsigned,
            formatted body).

    Raises:
        ScriptWorkerException: on schema error.

    """
    cot = generate_cot_body(context)
    schema_path = context.config['cot_schema_path']
    # NOTE(review): the path is interpolated before the helper fills in
    # %(exc)s; presumably a literal '%' in the path would interfere with that
    # second formatting step -- confirm against load_json_or_yaml.
    schema = load_json_or_yaml(
        schema_path,
        is_path=True,
        exception=ScriptWorkerException,
        message="Can't read schema file {}: %(exc)s".format(schema_path),
    )
    validate_json_schema(cot, schema, name="chain of trust")
    cot_text = format_json(cot)

    if not parent_path:
        parent_path = os.path.join(context.config['artifact_dir'], 'public')
    unsigned_path = os.path.join(parent_path, 'chain-of-trust.json')
    write_to_file(unsigned_path, cot_text)

    if not context.config['sign_chain_of_trust']:
        return cot_text

    # The unsigned artifact is already on disk here; a failure while loading
    # the key or signing leaves it without a .sig companion.
    private_key = ed25519_private_key_from_file(
        context.config['ed25519_private_key_path']
    )
    # The detached signature covers the UTF-8 bytes of the formatted body.
    # NOTE(review): presumably write_to_file stores those same bytes in
    # chain-of-trust.json -- confirm, since a verifier checks the signature
    # against that file.
    signature = private_key.sign(cot_text.encode('utf-8'))
    write_to_file('{}.sig'.format(unsigned_path), signature, file_type='binary')
    return cot_text
示例#3
def generate_cot(context, parent_path=None):
    """Write the chain of trust body in unsigned, ed25519 and GPG forms.

    ``chain-of-trust.json`` always receives the formatted body.  With
    ``sign_chain_of_trust`` set, ``chain-of-trust.json.sig`` receives a
    detached ed25519 signature and ``chainOfTrust.json.asc`` receives the
    GPG-signed text.  With it unset, ``chainOfTrust.json.asc`` is still
    written but holds the unsigned body, so the file name alone does not show
    that the contents are signed.

    Args:
        context (scriptworker.context.Context): the scriptworker context.
        parent_path (str, optional): directory that receives the chain of
            trust artifacts.  A falsy value selects ``artifact_dir/public/``.
            Defaults to None.

    Returns:
        str: the contents written to ``chainOfTrust.json.asc``.

    Raises:
        ScriptWorkerException: on schema error.

    """
    cot = generate_cot_body(context)
    schema_path = context.config['cot_schema_path']
    # NOTE(review): the path is interpolated before the helper fills in
    # %(exc)s; presumably a literal '%' in the path would interfere with that
    # second formatting step -- confirm against load_json_or_yaml.
    schema = load_json_or_yaml(
        schema_path,
        is_path=True,
        exception=ScriptWorkerException,
        message="Can't read schema file {}: %(exc)s".format(schema_path),
    )
    validate_json_schema(cot, schema, name="chain of trust")
    cot_text = format_json(cot)

    if not parent_path:
        parent_path = os.path.join(context.config['artifact_dir'], 'public')
    unsigned_path = os.path.join(parent_path, 'chain-of-trust.json')
    write_to_file(unsigned_path, cot_text)

    artifact_text = cot_text
    if context.config['sign_chain_of_trust']:
        private_key = ed25519_private_key_from_file(
            context.config['ed25519_private_key_path']
        )
        # The ed25519 signature is made over the unsigned text, before the
        # GPG-signed text is produced below.
        signature = private_key.sign(cot_text.encode('utf-8'))
        write_to_file(
            '{}.sig'.format(unsigned_path), signature, file_type='binary'
        )
        artifact_text = sign(GPG(context), cot_text)

    write_to_file(
        os.path.join(parent_path, "chainOfTrust.json.asc"), artifact_text
    )
    return artifact_text
示例#4
def create_cot_config(context, cot_config_path=None):
    """Load, schema-validate and freeze the Chain of Trust config.

    Args:
        context (scriptworker.context.Context): the scriptworker context.
        cot_config_path (str, optional): file to read the config from.  A
            falsy value selects ``context.config['cot_config_path']``.
            Defaults to None.

    Returns:
        frozendict: the Chain of Trust config.

    Raises:
        SystemExit: on failure.  NOTE(review): presumably raised by
            ``_get_json_from_mandatory_file`` -- confirm.  The schema file
            read below is not wrapped, so errors from ``open`` or
            ``json.load`` propagate unchanged.
    """
    config_path = cot_config_path or context.config['cot_config_path']
    loaded = _get_json_from_mandatory_file(config_path, "create_cot_config")
    schema_path = context.config['cot_config_schema_path']
    with open(schema_path, "r") as schema_fh:
        schema = json.load(schema_fh)
    # Validate before freezing so only a schema-conforming config is returned.
    validate_json_schema(loaded, schema, name="cot_config")
    freeze_values(loaded)
    return frozendict(loaded)
示例#5
def test_invalid_task(schema):
    """Wrapping the basic task under a ``foo`` key must fail validation."""
    with open(BASIC_TASK, "r") as task_file:
        wrapped_task = {"foo": json.load(task_file)}
    # The validator is expected to reject the document, not pass it silently.
    with pytest.raises(ScriptWorkerTaskException):
        client.validate_json_schema(wrapped_task, schema)
示例#6
def test_validate_task(schema):
    """The basic task fixture validates against the schema without raising."""
    with open(BASIC_TASK, "r") as task_file:
        basic_task = json.load(task_file)
    # No assertion needed: the test passes when the validator does not raise.
    client.validate_json_schema(basic_task, schema)
示例#7
def test_invalid_task(schema):
    """A task nested under an extra ``foo`` key is rejected by the validator."""
    with open(BASIC_TASK, "r") as fixture:
        task_doc = json.load(fixture)
    malformed = {'foo': task_doc}
    # Validation must raise for the malformed document.
    with pytest.raises(ScriptWorkerTaskException):
        client.validate_json_schema(malformed, schema)
示例#8
def test_validate_task(schema):
    """Validating the unmodified basic task fixture raises nothing."""
    with open(BASIC_TASK, "r") as fixture:
        task_doc = json.load(fixture)
    # Passing means validate_json_schema returned without raising.
    client.validate_json_schema(task_doc, schema)