def test_run_script_shell_argument(self, mock_open, redirect_callback_mock, tox_shell_command_mock): # When I use run_tox() to run 'command with:args' run_tox('/my/output/file', 'mycommand') # Then it should run a shell command, `tox command with:args` tox_shell_command_mock.assert_any_call('mycommand', _out=Any(StringIO), _err=Any(StringIO))
def test_run_script_shell_argument_env_vars(self, mock_open, redirect_callback_mock, npm_shell_command_mock): # When I use run_npm() to run 'command with:args with:envs' run_npm('/my/output/file', 'mycommand', { "KEY1": "VALUE1", "KEY2": "VALUE2" }) # Then it should run a shell command, `npm command with:args` npm_shell_command_mock.assert_any_call('mycommand', _out=Any(StringIO), _err=Any(StringIO), _env=Any(Dict))
def test___import_pgp_key_fail_get_fingerprint(self, gpg_mock): pgp_private_key=TestStepImplementerSignContainerImagePodman.TEST_FAKE_PRIVATE_KEY with self.assertRaisesRegex( StepRunnerException, re.compile( r"Error getting PGP fingerprint for PGP key" r" to sign container image\(s\) with. See stdout and stderr for more info.", re.DOTALL ) ): PodmanSign._PodmanSign__import_pgp_key( pgp_private_key=pgp_private_key ) gpg_mock.assert_called_once_with( '--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=pgp_private_key, _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test___sign_image_podman_image_sign_to_many_sigs(self, podman_mock): with TempDirectory() as temp_dir: pgp_private_key_fingerprint = 'abc123' image_signatures_directory = os.path.join(temp_dir.path, 'signatures') container_image_tag = 'does/not/matter:v0.42.0' podman_mock.image.side_effect = TestStepImplementerSignContainerImagePodman.\ create_podman_image_sign_side_effect(num_signatures=2) with self.assertRaisesRegex( StepRunnerException, re.compile( r"Unexpected number of signature files, expected 1: \['.*', '.*'\]", re.DOTALL ) ): PodmanSign._PodmanSign__sign_image( pgp_private_key_fingerprint=pgp_private_key_fingerprint, image_signatures_directory=image_signatures_directory, container_image_tag=container_image_tag ) podman_mock.image.assert_called_once_with( 'sign', f'--sign-by={pgp_private_key_fingerprint}', f'--directory={image_signatures_directory}', f'docker://{container_image_tag}', _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test_audit_attestation_pass(self, audit_results_mock): step_config = { 'workflow-policy-uri': "https://foo.bar" } step_implementer = self.create_step_implementer( step_config=step_config ) audit_results_mock.return_value = "pass" workflow_attestation_file_path = "workflow_attestation_file_path" workflow_policy_file_path = "workflow_policy_file_path" workflow_policy_query = "fooquery" step_implementer._OpenPolicyAgent__audit_attestation( workflow_attestation_file_path = "workflow_attestation_file_path", workflow_policy_file_path = "workflow_policy_file_path", workflow_policy_query = "fooquery" ) audit_results_mock.assert_called_once_with( 'eval', '--fail-defined', '-d', workflow_attestation_file_path, '-i', workflow_policy_file_path, workflow_policy_query, _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test___sign_image_podman_image_sign_fail(self, podman_mock): with TempDirectory() as temp_dir: pgp_private_key_fingerprint = 'abc123' image_signatures_directory = os.path.join(temp_dir.path, 'signatures') container_image_tag = 'does/not/matter:v0.42.0' podman_mock.image.side_effect = sh.ErrorReturnCode('podman', b'mock stdout', b'mock error signing image') with self.assertRaisesRegex( StepRunnerException, re.compile( rf"Error signing image \({container_image_tag}\):" r".*RAN: podman" r".*STDOUT:" r".*mock stdout" r".*STDERR:" r".*mock error signing image", re.DOTALL ) ): PodmanSign._PodmanSign__sign_image( pgp_private_key_fingerprint=pgp_private_key_fingerprint, image_signatures_directory=image_signatures_directory, container_image_tag=container_image_tag ) podman_mock.image.assert_called_once_with( 'sign', f'--sign-by={pgp_private_key_fingerprint}', f'--directory={image_signatures_directory}', f'docker://{container_image_tag}', _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test_import_pgp_key_gpg_import_fail(self, gpg_mock): gpg_mock.side_effect = sh.ErrorReturnCode('gpg', b'mock stdout', b'mock error') pgp_private_key = TestImportPGPKey.TEST_FAKE_PRIVATE_KEY with self.assertRaisesRegex( RuntimeError, re.compile( r"Error importing pgp private key:" r".*RAN: gpg" r".*STDOUT:" r".*mock stdout" r".*STDERR:" r".*mock error", re.DOTALL)): import_pgp_key(pgp_private_key=pgp_private_key) gpg_mock.assert_called_once_with('--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=pgp_private_key, _out=Any(IOBase), _err_to_out=True, _tee='out')
def test___import_pgp_key_gpg_import_fail(self, gpg_mock): gpg_mock.side_effect = sh.ErrorReturnCode('gpg', b'mock stdout', b'mock error') pgp_private_key = TestStepImplementerSignContainerImagePodman.TEST_FAKE_PRIVATE_KEY with self.assertRaisesRegex( StepRunnerException, re.compile( r"Error importing pgp private key:" r".*RAN: gpg" r".*STDOUT:" r".*mock stdout" r".*STDERR:" r".*mock error", re.DOTALL)): PodmanSign._PodmanSign__import_pgp_key( pgp_private_key=pgp_private_key) gpg_mock.assert_called_once_with('--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=pgp_private_key, _out=Any(IOBase), _err_to_out=True, _tee='out')
def test___get_oscap_document_type_xccdf(self, oscap_mock): oscap_input_file = '/does/not/matter.xml' sh.oscap.info.side_effect = create_sh_side_effect(mock_stdout=""" Document type: XCCDF Checklist Checklist version: 1.1 Imported: 2020-02-11T13:41:07 Status: draft Generated: 2020-02-11 Resolved: true Profiles: Title: Protection Profile for General Purpose Operating Systems Id: ospp Title: PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8 Id: pci-dss Title: [DRAFT] DISA STIG for Red Hat Enterprise Linux 8 Id: stig Title: Australian Cyber Security Centre (ACSC) Essential Eight Id: e8 Referenced check files: ssg-rhel8-oval.xml system: http://oval.mitre.org/XMLSchema/oval-definitions-5 ssg-rhel8-ocil.xml system: http://scap.nist.gov/schema/ocil/2 https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml system: http://oval.mitre.org/XMLSchema/oval-definitions-5""") oscap_document_type = OpenSCAPGeneric._OpenSCAPGeneric__get_oscap_document_type( oscap_input_file=oscap_input_file) sh.oscap.info.assert_called_once_with(oscap_input_file, _out=Any(IOBase)) self.assertEqual(oscap_document_type, 'XCCDF Checklist')
def test___get_oscap_document_type_sds(self, oscap_mock): oscap_input_file = '/does/not/matter.xml' sh.oscap.info.side_effect = create_sh_side_effect(mock_stdout=""" Document type: Source Data Stream Imported: 2020-10-07T05:34:29 Stream: scap_org.open-scap_datastream_from_xccdf_com.redhat.rhsa-all.xml-xccdf12 Generated: (null) Version: 1.2 Checklists: Ref-Id: scap_org.open-scap_cref_com.redhat.rhsa-all.xml-xccdf12 Status: incomplete Resolved: true Profiles: Referenced check files: com.redhat.rhsa-all.xml system: http://oval.mitre.org/XMLSchema/oval-definitions-5 Checks: Ref-Id: scap_org.open-scap_cref_com.redhat.rhsa-all.xml No dictionaries.""") oscap_document_type = OpenSCAPGeneric._OpenSCAPGeneric__get_oscap_document_type( oscap_input_file=oscap_input_file) sh.oscap.info.assert_called_once_with(oscap_input_file, _out=Any(IOBase)) self.assertEqual(oscap_document_type, 'Source Data Stream')
def test___buildah_import_image_from_tar_success(self, buildah_mock): image_tar_file = "/does/not/matter.tar" container_name = "test" OpenSCAPGeneric._OpenSCAPGeneric__buildah_import_image_from_tar( image_tar_file=image_tar_file, container_name=container_name) buildah_mock.assert_called_once_with( 'from', '--storage-driver', 'vfs', '--name', container_name, f"docker-archive:{image_tar_file}", _out=Any(IOBase), _err=Any(IOBase), _tee='err')
def test_success_with_report_dir_deployed_host_urls_not_list( self, mock_gather_evidence, mock_write_working_file, mock_run_npm_step ): with TempDirectory() as test_dir: # setup test parent_work_dir_path = os.path.join(test_dir.path, 'working') step_config = { 'deployed-host-urls': 'https://mock.ploigos.org/mock-app-1', 'npm-envs': { 'VAR1': 'VAL1', 'VAR2': 'VAL2' }, 'test-reports-dir': '/mock/test-results-dir', "target-host-env-var-name": "APP_ROUTE" } step_implementer = self.create_step_implementer( step_config=step_config, parent_work_dir_path=parent_work_dir_path, ) # run test actual_step_result = step_implementer._run_step() # verify results expected_step_result = StepResult( step_name='unit-test', sub_step_name='NpmXunitIntegrationTest', sub_step_implementer_name='NpmXunitIntegrationTest' ) expected_step_result.add_artifact( description="Standard out and standard error from npm.", name='npm-output', value='/mock/npm_output.txt' ) expected_step_result.add_artifact( description="Test report generated when running tests.", name='test-report', value='/mock/test-results-dir' ) self.assertEqual(actual_step_result, expected_step_result) mock_run_npm_step.assert_called_once_with( npm_output_file_path='/mock/npm_output.txt', step_implementer_additional_envs={ 'APP_ROUTE': 'https://mock.ploigos.org/mock-app-1'} ) mock_gather_evidence.assert_called_once_with( step_result=Any(StepResult), test_report_dirs='/mock/test-results-dir' ) self.assertEqual(step_implementer.npm_args, ['run', 'test:uat'])
def test_run_shell_command(self, os_path_exists_mock, tox_shell_command_mock): # Given a working directory with TempDirectory() as temp_dir: working_dir_path = os.path.join(temp_dir.path, 'working') # Given an ToxTest step implementer tox_test = self.create_given_step_implementer(ToxTest, parent_work_dir_path=working_dir_path) # When I run the step tox_test.run_step() # Then it should run a shell command, 'tox test' tox_shell_command_mock.assert_any_call( ('-q', '-e', 'test',), _out=Any(StringIO), _err=Any(StringIO) )
def test_run_shell_command(self, os_path_exists_mock, npm_shell_command_mock): # Given a working directory with TempDirectory() as temp_dir: working_dir_path = os.path.join(temp_dir.path, 'working') # Given an NpmPackage step implementer npm_test = self.create_given_step_implementer( NpmPackage, parent_work_dir_path=working_dir_path) # When I run the step npm_test.run_step() # Then it should run a shell command, 'npm test' npm_shell_command_mock.assert_any_call('install', _out=Any(StringIO), _err=Any(StringIO))
def test_upload_to_rekor(self, rekor_mock, create_mock): with TempDirectory() as temp_dir: parent_work_dir_path = os.path.join(temp_dir.path, 'working') signer_pgp_public_key_path = os.path.join( os.path.dirname(__file__), '../../helpers', 'files', 'ploigos-step-runner-tests-public.key') step_config = { 'rekor-server-url': self.TEST_REKOR_SERVER_URL, 'signer-pgp-private-key': self.TEST_PGP_SIGNER_PRIVATE_KEY } step_implementer = self.create_step_implementer( step_config=step_config, parent_work_dir_path=parent_work_dir_path, artifact_to_sign_uri_config_key=self.TEST_ARTIFACT_TO_SIGN_URI) artifact_data_file = os.path.join(parent_work_dir_path, 'automated-governance', 'automated-governance.json') artifact_data_file_path = Path(artifact_data_file) WorkflowResult().write_results_to_json_file( artifact_data_file_path) rekor_entry_path_name = os.path.join(parent_work_dir_path, 'automated-governance', 'entry.json') def create_mock_side_effect(signer_pgp_public_key_path, signer_pgp_private_key_user, extra_data_file): return self.TEST_REKOR_ENTRY def rekor_mock_side_effect(*args, **kwargs): return 'Created entry at: ' + args[ 2] + '/api/v1/log/entries/' + self.TEST_REKOR_UUID create_mock.side_effect = create_mock_side_effect rekor_mock.side_effect = rekor_mock_side_effect rekor_entry_path = Path(rekor_entry_path_name) rekor_entry_path.touch() result_uuid = step_implementer._upload_to_rekor( rekor_server=self.TEST_REKOR_SERVER_URL, rekor_entry=self.TEST_REKOR_ENTRY) rekor_mock.assert_called_once_with('upload', '--rekor_server', self.TEST_REKOR_SERVER_URL, '--entry', rekor_entry_path_name, _out=Any(IOBase), _err_to_out=True, _tee='out') self.assertEqual(result_uuid, self.TEST_REKOR_UUID)
def test_run_step_pass_nofips(self, curl_mock): with TempDirectory() as temp_dir: work_dir_path = os.path.join(temp_dir.path, 'working') signature_file_path = 'signature-1' temp_dir.write(signature_file_path, b'bogus signature') container_image_signature_file_path = os.path.join(temp_dir.path, signature_file_path) container_image_signature_name = 'jkeam/hello-node@sha256=2cbdb73c9177e63e85d267f738e' \ '99e368db3f806eab4c541f5c6b719e69f1a2b/signature-1' step_config = { 'container-image-signature-server-url': 'https://sigserver/signatures', 'container-image-signature-server-username': '******', 'container-image-signature-server-password': '******', 'with-fips': False } # Previous (fake) results artifact_config = { 'container-image-signature-file-path': {'value': container_image_signature_file_path}, 'container-image-signature-name': {'value': container_image_signature_name}, } workflow_result = self.setup_previous_result(work_dir_path, artifact_config) # Actual results step_implementer = self.create_step_implementer( step_config=step_config, step_name='sign-container-image', implementer='CurlPush', workflow_result=workflow_result, work_dir_path=work_dir_path ) result = step_implementer._run_step() # # Expected results expected_step_result = StepResult(step_name='sign-container-image', sub_step_name='CurlPush', sub_step_implementer_name='CurlPush') expected_step_result.add_artifact(name='container-image-signature-url', value=f'https://sigserver/signatures/{container_image_signature_name}') expected_step_result.add_artifact(name='container-image-signature-file-sha1', value='d9ba1fc747829392883c48adfe4bb688239dc8b2') expected_step_result.add_artifact(name='container-image-signature-file-md5', value='b66c5c3d4ab37a50e69a05d72ba302fa') self.assertEqual(expected_step_result.get_step_result_dict(), result.get_step_result_dict()) curl_mock.assert_called_once_with( '-sSfv', '-X', 'PUT', '--user', "admin:adminPassword", '--upload-file', container_image_signature_file_path, '--header', StringRegexParam(r'X-Checksum-Sha1:.+'), '--header', StringRegexParam(r'X-Checksum-MD5:.+'), f"https://sigserver/signatures/{container_image_signature_name}", _out=Any(IOBase), _err_to_out=True, _tee='out' )
def test_run_install_shell_command(self, os_path_exists_mock, npm_shell_command_mock): # Given a working directory with TempDirectory() as temp_dir: working_dir_path = os.path.join(temp_dir.path, 'working') # Given an NpmTest step implementer that is configured to run 'npm install' before running the unit tests npm_test = self.create_given_step_implementer( NpmTest, step_config={'install-first': True}, parent_work_dir_path=working_dir_path) # When I run the step npm_test.run_step() # Then it should run a shell command, 'npm install' npm_shell_command_mock.assert_any_call('install', _out=Any(StringIO), _err=Any(StringIO))
def test_fail_with_report_dir( self, mock_gather_evidence, mock_get_test_report_dir, mock_write_working_file, mock_run_maven_step ): with TempDirectory() as test_dir: # setup test parent_work_dir_path = os.path.join(test_dir.path, 'working') pom_file = os.path.join(test_dir.path, 'mock-pom.xml') step_config = { 'pom-file': pom_file } step_implementer = self.create_step_implementer( step_config=step_config, parent_work_dir_path=parent_work_dir_path, ) # setup mocks mock_run_maven_step.side_effect = StepRunnerException('mock error') # run test actual_step_result = step_implementer._run_step() # verify results expected_step_result = StepResult( step_name='unit-test', sub_step_name='MavenTest', sub_step_implementer_name='MavenTest' ) expected_step_result.success = False expected_step_result.message = "Error running maven. " \ "More details maybe found in report artifacts: " \ "mock error" expected_step_result.add_artifact( description="Standard out and standard error from maven.", name='maven-output', value='/mock/mvn_output.txt' ) expected_step_result.add_artifact( description="Test report generated when running unit tests.", name='test-report', value='/mock/test-results-dir' ) self.assertEqual(actual_step_result, expected_step_result) mock_run_maven_step.assert_called_once_with( mvn_output_file_path='/mock/mvn_output.txt' ) mock_gather_evidence.assert_called_once_with( step_result=Any(StepResult), test_report_dir='/mock/test-results-dir' )
def test_success_failure(self, mock_open, redirect_mock, mvn_mock): with TempDirectory() as temp_dir: mvn_output_file_path = os.path.join(temp_dir.path, 'maven_output.txt') settings_file = '/fake/settings.xml' pom_file = '/fake/pom.xml' phases_and_goals = 'fake' mvn_mock.side_effect = sh.ErrorReturnCode('mvn', b'mock stdout', b'mock error') with self.assertRaisesRegex( StepRunnerException, re.compile( r"Error running maven." r".*RAN: mvn" r".*STDOUT:" r".*mock stdout" r".*STDERR:" r".*mock error", re.DOTALL)): run_maven( mvn_output_file_path=mvn_output_file_path, settings_file=settings_file, pom_file=pom_file, phases_and_goals=phases_and_goals, ) mock_open.assert_called_with(mvn_output_file_path, 'w') redirect_mock.assert_has_calls([ call([sys.stdout, mock_open.return_value]), call([sys.stderr, mock_open.return_value]) ]) mvn_mock.assert_called_once_with('fake', '-f', '/fake/pom.xml', '-s', '/fake/settings.xml', '--no-transfer-progress', _out=Any(StringIO), _err=Any(StringIO))
def test_success_with_report_dir_deployed_host_urls_list_multiple_entries( self, mock_gather_evidence, mock_write_working_file, mock_run_npm_step): with TempDirectory() as test_dir: # setup test parent_work_dir_path = os.path.join(test_dir.path, 'working') deployed_host_urls = [ 'https://mock.ploigos.org/mock-app-1', 'https://mock.ploigos.org/mock-app-2' ] step_config = { 'npm-test-script': 'myscript', 'deployed-host-urls': deployed_host_urls, 'npm-envs': { 'VAR1': 'VAL1', 'VAR2': 'VAL2' }, 'test-reports-dir': '/mock/test-results-dir', "target-host-env-var-name": "APP_ROUTE" } step_implementer = self.create_step_implementer( step_config=step_config, parent_work_dir_path=parent_work_dir_path, ) # run test actual_step_result = step_implementer._run_step() # verify results expected_step_result = StepResult( step_name='shared', sub_step_name='NpmXunitGeneric', sub_step_implementer_name='NpmXunitGeneric') expected_step_result.add_artifact( description="Standard out and standard error from npm.", name='npm-output', value='/mock/npm_output.txt') expected_step_result.add_artifact( description="Test report generated when running tests.", name='test-report', value='/mock/test-results-dir') expected_step_result.message = f"Given more than one deployed host URL ({deployed_host_urls})," \ f" targeting first one ({deployed_host_urls[0]}) for test." self.assertEqual(actual_step_result, expected_step_result) mock_run_npm_step.assert_called_once_with( npm_output_file_path='/mock/npm_output.txt', step_implementer_additional_envs={ 'APP_ROUTE': 'https://mock.ploigos.org/mock-app-1' }) mock_gather_evidence.assert_called_once_with( step_result=Any(StepResult), test_report_dirs='/mock/test-results-dir')
def test_export_pgp_public_key_success(self, gpg_mock): gpg_mock.side_effect = TestExportPGPKey.TEST_FAKE_PUBLIC_KEY pgp_private_key_fingerprint = TestExportPGPKey.TEST_FAKE_FINGERPRINT export_pgp_public_key( pgp_private_key_fingerprint=pgp_private_key_fingerprint) gpg_mock.assert_called_once_with('--armor', '--export', pgp_private_key_fingerprint, _out=Any(IOBase), _err_to_out=False, _tee='out')
def test___buildah_mount_container_success(self, buildah_mock): buildah_unshare_comand = sh.buildah.bake('unshare') container_name = "test" expected_mount_path = '/this/is/a/path' buildah_mock.bake('unshare').bake( 'buildah', 'mount').side_effect = create_sh_side_effect( mock_stdout=f"{expected_mount_path}", ) container_mount_path = OpenSCAPGeneric._OpenSCAPGeneric__buildah_mount_container( buildah_unshare_comand=buildah_unshare_comand, container_id=container_name) self.assertEqual(container_mount_path, expected_mount_path) buildah_mock.bake('unshare').bake( 'buildah', 'mount').assert_called_once_with('--storage-driver', 'vfs', container_name, _out=Any(IOBase), _err=Any(IOBase), _tee='err')
def test___import_pgp_key_success(self, gpg_mock): gpg_mock.side_effect = TestStepImplementerSignContainerImagePodman.gpg_side_effect pgp_private_key = TestStepImplementerSignContainerImagePodman.TEST_FAKE_PRIVATE_KEY PodmanSign._PodmanSign__import_pgp_key(pgp_private_key=pgp_private_key) gpg_mock.assert_called_once_with('--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=pgp_private_key, _out=Any(IOBase), _err_to_out=True, _tee='out')
def test_import_pgp_key_success(self, gpg_mock): gpg_mock.side_effect = TestImportPGPKey.gpg_side_effect pgp_private_key = TestImportPGPKey.TEST_FAKE_PRIVATE_KEY import_pgp_key(pgp_private_key=pgp_private_key) gpg_mock.assert_called_once_with('--import', '--fingerprint', '--with-colons', '--import-options=import-show', _in=pgp_private_key, _out=Any(IOBase), _err_to_out=True, _tee='out')
def test_success_with_report_dir_deployed_host_urls_list_multiple_entries( self, mock_gather_evidence, mock_get_test_report_dir, mock_write_working_file, mock_run_maven_step): with TempDirectory() as test_dir: # setup test parent_work_dir_path = os.path.join(test_dir.path, 'working') pom_file = os.path.join(test_dir.path, 'mock-pom.xml') step_config = { 'pom-file': pom_file, 'target-host-url-maven-argument-name': 'mock.target-host-url-param', 'deployed-host-urls': [ 'https://mock.ploigos.org/mock-app-1', 'https://mock.ploigos.org/mock-app-2' ] } step_implementer = self.create_step_implementer( step_config=step_config, parent_work_dir_path=parent_work_dir_path, ) # run test actual_step_result = step_implementer._run_step() # verify results expected_step_result = StepResult( step_name='unit-test', sub_step_name='MavenIntegrationTest', sub_step_implementer_name='MavenIntegrationTest') expected_step_result.message = \ f"Given more then one deployed host URL ({step_config['deployed-host-urls']})," \ f" targeting first one (https://mock.ploigos.org/mock-app-1) for user acceptance test (UAT)." expected_step_result.add_artifact( description="Standard out and standard error from maven.", name='maven-output', value='/mock/mvn_output.txt') expected_step_result.add_artifact( description="Test report generated when running unit tests.", name='test-report', value='/mock/test-results-dir') self.assertEqual(actual_step_result, expected_step_result) mock_run_maven_step.assert_called_once_with( mvn_output_file_path='/mock/mvn_output.txt', step_implementer_additional_arguments=[ '-Dmock.target-host-url-param=https://mock.ploigos.org/mock-app-1' ]) mock_gather_evidence.assert_called_once_with( step_result=Any(StepResult), test_report_dirs='/mock/test-results-dir')
def test_decrypt_parent_source_file(self, sops_mock): encrypted_config_file_path = os.path.join( os.path.dirname(__file__), 'files', 'tssc-config-secret-stuff.yml') config_value = ConfigValue( value= 'ENC[AES256_GCM,data:UGKfnzsSrciR7GXZJhOCMmFrz3Y6V3pZsd3P,iv:yuReqA+n+rRXVHMc+2US5t7yPx54sooZSXWV4KLjDIs=,tag:jueP7/ZWLfYrEuhh+4eS8g==,type:str]', parent_source=encrypted_config_file_path, path_parts=[ 'tssc-config', 'global-environment-defaults', 'DEV', 'kube-api-token' ]) sops_decryptor = SOPS() sops_decryptor.decrypt(config_value) sops_mock.assert_called_once_with( '--decrypt', '--extract=["tssc-config"]["global-environment-defaults"]["DEV"]["kube-api-token"]', None, encrypted_config_file_path, _in=None, _out=Any(StringIO), _err=Any(StringIO))
def test___get_oscap_document_type_error(self, oscap_mock): oscap_input_file = '/does/not/matter.xml' sh.oscap.info.side_effect = sh.ErrorReturnCode('oscap info', b'mock out', b'mock error') with self.assertRaisesRegex( RuntimeError, re.compile( r"Unexpected error getting document type of oscap" rf" input file \({oscap_input_file}\):" r".*RAN: oscap info" r".*STDOUT:" r".*mock out" r".*STDERR:" r".*mock error", re.DOTALL)): OpenSCAPGeneric._OpenSCAPGeneric__get_oscap_document_type( oscap_input_file=oscap_input_file) sh.oscap.info.assert_called_once_with(oscap_input_file, _out=Any(IOBase))
def test_export_pgp_public_key_failure(self, gpg_mock): gpg_mock.side_effect = sh.ErrorReturnCode('gpg', b'mock stdout', b'mock error') with self.assertRaisesRegex( RuntimeError, re.compile( r'Error exporting pgp public key:' r".*RAN: gpg" r".*STDOUT:" r".*mock stdout" r".*STDERR:" r".*mock error", re.DOTALL)): pgp_private_key_fingerprint = TestExportPGPKey.TEST_FAKE_FINGERPRINT export_pgp_public_key( pgp_private_key_fingerprint=pgp_private_key_fingerprint) gpg_mock.assert_called_once_with('--armor', '--export', pgp_private_key_fingerprint, _out=Any(IOBase), _err_to_out=False, _tee='out')
def test___sign_image(self, podman_mock): with TempDirectory() as temp_dir: pgp_private_key_fingerprint = 'abc123' image_signatures_directory = os.path.join(temp_dir.path, 'signatures') container_image_tag = 'does/not/matter:v0.42.0' podman_mock.image.side_effect = TestStepImplementerSignContainerImagePodmanSign.\ create_podman_image_sign_side_effect() PodmanSign._PodmanSign__sign_image( pgp_private_key_fingerprint=pgp_private_key_fingerprint, image_signatures_directory=image_signatures_directory, container_image_tag=container_image_tag) podman_mock.image.assert_called_once_with( 'sign', f'--sign-by={pgp_private_key_fingerprint}', f'--directory={image_signatures_directory}', f'docker://{container_image_tag}', _out=Any(IOBase), _err_to_out=True, _tee='out')
def test_error_in_npm(self, mock_gather_evidence, mock_write_working_file, mock_run_npm_step): with TempDirectory() as test_dir: # setup test parent_work_dir_path = os.path.join(test_dir.path, 'working') step_config = { 'npm-test-script': 'myscript', 'deployed-host-urls': [ 'https://mock.ploigos.org/mock-app-1', ], 'npm-envs': { 'VAR1': 'VAL1', 'VAR2': 'VAL2' }, 'test-reports-dir': '/mock/test-results-dir', "target-host-env-var-name": "APP_ROUTE" } step_implementer = self.create_step_implementer( step_config=step_config, parent_work_dir_path=parent_work_dir_path, ) mock_run_npm_step.side_effect = StepRunnerException('mock error') # run test actual_step_result = step_implementer._run_step() self.assertFalse(actual_step_result.success) mock_run_npm_step.assert_called_once_with( npm_output_file_path='/mock/npm_output.txt', step_implementer_additional_envs={ 'APP_ROUTE': 'https://mock.ploigos.org/mock-app-1' }) mock_gather_evidence.assert_called_once_with( step_result=Any(StepResult), test_report_dirs='/mock/test-results-dir')