def test_link_cot(chain): link = cotverify.LinkOfTrust(chain.context, 'build', "task_id") cot = get_cot(chain.task, task_id=link.task_id) link.cot = cot assert link.cot == cot with pytest.raises(CoTError): link.cot = {} # mismatched taskId should raise link2 = cotverify.LinkOfTrust(chain.context, 'build', "different_task_id") with pytest.raises(CoTError): link2.cot = cot
def test_link_task(chain): link = cotverify.LinkOfTrust(chain.context, 'build', "one") link.task = chain.task assert not link.is_try assert link.worker_impl == 'scriptworker' with pytest.raises(CoTError): link.task = {}
def docker_image_link(chain): link = cotverify.LinkOfTrust(chain.context, 'docker-image', 'docker_image_task_id') link.cot = { 'taskId': 'docker_image_task_id', 'artifacts': { 'path/image': { 'sha256': 'built_docker_image_sha', }, }, 'environment': { 'imageHash': "sha256:docker_image_sha", }, } link.task = { 'taskGroupId': 'decision_task_id', 'schedulerId': 'scheduler_id', 'provisionerId': 'provisioner_id', 'workerType': 'workerType', 'scopes': [], 'metadata': { 'source': 'https://hg.mozilla.org/mozilla-central', }, 'payload': { 'image': "blah", 'env': { "HEAD_REF": "x", }, 'command': ["/bin/bash", "-c", "/home/worker/bin/build_image.sh"], }, 'extra': {}, } yield link
def release_action_link(chain): # Release action tasks look like decision tasks (self-contained graph) but # are action tasks. link = cotverify.LinkOfTrust(chain.context, 'decision', 'relaction_task_id') link.cot = { 'taskId': 'relaction_task_id', 'environment': { 'imageHash': "sha256:decision_image_sha", }, } link.task = { 'taskGroupId': 'relaction_task_id', 'schedulerId': 'scheduler_id', 'provisionerId': 'provisioner_id', 'workerType': 'workerType', 'scopes': [], 'metadata': { 'source': 'https://hg.mozilla.org/mozilla-central', }, 'payload': { 'image': "blah", }, 'extra': { 'action': {}, 'parent': 'decision_task_id', }, } yield link
def test_get_link(chain, ids, req, raises): for i in ids: l = cotverify.LinkOfTrust(chain.context, 'build', i) chain.links.append(l) if raises: with pytest.raises(CoTError): chain.get_link(req) else: chain.get_link(req)
def build_link(chain): link = cotverify.LinkOfTrust(chain.context, 'build', 'build_task_id') link.cot = { 'taskId': 'build_task_id', 'environment': { 'imageArtifactHash': "sha256:built_docker_image_sha", }, } link.task = { 'taskGroupId': 'decision_task_id', 'schedulerId': 'scheduler_id', 'provisionerId': 'provisioner', 'workerType': 'workerType', 'scopes': [], 'dependencies': ['some_task_id'], 'metadata': { 'source': 'https://hg.mozilla.org/mozilla-central', }, 'payload': { 'artifacts': { 'foo': { 'sha256': "foo_sha", 'expires': "blah", }, 'bar': { 'sha256': "bar_sha", }, }, 'image': { 'taskId': 'docker_image_task_id', 'path': 'path/image', }, 'env': { 'HG_STORE_PATH': 'foo', }, }, 'extra': { 'chainOfTrust': { 'inputs': { 'docker-image': 'docker_image_task_id', }, }, 'parent': 'decision_task_id', }, } yield link
def decision_link(chain): link = cotverify.LinkOfTrust(chain.context, 'decision', 'decision_task_id') link.cot = { 'environment': { 'imageHash': "sha256:decision_image_sha", }, } link.task = { 'taskGroupId': 'decision_task_id', 'schedulerId': 'scheduler_id', 'provisionerId': 'provisioner_id', 'workerType': 'workerType', 'scopes': [], 'metadata': { 'source': 'https://hg.mozilla.org/mozilla-central', }, 'payload': { 'image': "blah", }, 'extra': {}, } yield link
def test_dependent_task_ids(chain): ids = ["one", "TWO", "thr33", "vier"] for i in ids: l = cotverify.LinkOfTrust(chain.context, 'build', i) chain.links.append(l) assert sorted(chain.dependent_task_ids()) == sorted(ids)
def test_link_cot(chain): link = cotverify.LinkOfTrust(chain.context, 'build', "one") link.cot = chain.task assert link.cot == chain.task with pytest.raises(CoTError): link.cot = {}