Merge pull request #1488 from coreos-inc/fix-aci-tests-for-realz
Change Signer to use the config provider and fix tests
commit
1df9ba2a03
5 changed files with 23 additions and 16 deletions
2
app.py
2
app.py
|
@ -177,7 +177,7 @@ build_logs = BuildLogs(app)
|
||||||
authentication = UserAuthentication(app, config_provider, OVERRIDE_CONFIG_DIRECTORY)
|
authentication = UserAuthentication(app, config_provider, OVERRIDE_CONFIG_DIRECTORY)
|
||||||
userevents = UserEventsBuilderModule(app)
|
userevents = UserEventsBuilderModule(app)
|
||||||
superusers = SuperUserManager(app)
|
superusers = SuperUserManager(app)
|
||||||
signer = Signer(app, OVERRIDE_CONFIG_DIRECTORY)
|
signer = Signer(app, config_provider)
|
||||||
start_cloudwatch_sender(metric_queue, app)
|
start_cloudwatch_sender(metric_queue, app)
|
||||||
|
|
||||||
tf = app.config['DB_TRANSACTION_FACTORY']
|
tf = app.config['DB_TRANSACTION_FACTORY']
|
||||||
|
|
|
@ -105,7 +105,7 @@ def aci_signing_key():
|
||||||
if not signer.name:
|
if not signer.name:
|
||||||
abort(404)
|
abort(404)
|
||||||
|
|
||||||
return send_file(signer.public_key_path)
|
return send_file(signer.open_public_key_file())
|
||||||
|
|
||||||
@web.route('/plans/')
|
@web.route('/plans/')
|
||||||
@no_cache
|
@no_cache
|
||||||
|
|
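Review bot: In `aci_signing_key`, `send_file` now receives an open file object instead of a path, so Flask has no filename from which to infer a content type. Depending on the Flask version, that gives either a generic type or an error at request time. Pass the type explicitly, for example `return send_file(signer.open_public_key_file(), mimetype='application/octet-stream')`, or whichever type clients of this endpoint expect. A handle is now opened on every request and closing it is left to the response object, which deserves a one-line comment above the return. The function starts above this hunk, so the checks before `if not signer.name:` are not visible here.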
|
@ -70,8 +70,8 @@ class TestConfig(DefaultConfig):
|
||||||
SIGNING_ENGINE = 'gpg2'
|
SIGNING_ENGINE = 'gpg2'
|
||||||
|
|
||||||
GPG2_PRIVATE_KEY_NAME = 'EEB32221'
|
GPG2_PRIVATE_KEY_NAME = 'EEB32221'
|
||||||
GPG2_PRIVATE_KEY_FILENAME = '/test/data/signing-private.gpg'
|
GPG2_PRIVATE_KEY_FILENAME = 'test/data/signing-private.gpg'
|
||||||
GPG2_PUBLIC_KEY_FILENAME = '/test/data/signing-public.gpg'
|
GPG2_PUBLIC_KEY_FILENAME = 'test/data/signing-public.gpg'
|
||||||
|
|
||||||
JWT_AUTH_CERTIFICATE_PATH = 'test/data/registry_v2_auth.crt'
|
JWT_AUTH_CERTIFICATE_PATH = 'test/data/registry_v2_auth.crt'
|
||||||
JWT_AUTH_PRIVATE_KEY_PATH = 'test/data/registry_v2_auth_private.key'
|
JWT_AUTH_PRIVATE_KEY_PATH = 'test/data/registry_v2_auth_private.key'
|
||||||
|
|
|
@ -3,6 +3,8 @@ from StringIO import StringIO
|
||||||
|
|
||||||
from util.config.provider.baseprovider import BaseProvider
|
from util.config.provider.baseprovider import BaseProvider
|
||||||
|
|
||||||
|
REAL_FILES = ['test/data/signing-private.gpg', 'test/data/signing-public.gpg']
|
||||||
|
|
||||||
class TestConfigProvider(BaseProvider):
|
class TestConfigProvider(BaseProvider):
|
||||||
""" Implementation of the config provider for testing. Everything is kept in-memory instead on
|
""" Implementation of the config provider for testing. Everything is kept in-memory instead on
|
||||||
the real file system. """
|
the real file system. """
|
||||||
|
@ -36,12 +38,18 @@ class TestConfigProvider(BaseProvider):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def volume_file_exists(self, filename):
|
def volume_file_exists(self, filename):
|
||||||
|
if filename in REAL_FILES:
|
||||||
|
return True
|
||||||
|
|
||||||
return filename in self.files
|
return filename in self.files
|
||||||
|
|
||||||
def save_volume_file(self, filename, flask_file):
|
def save_volume_file(self, filename, flask_file):
|
||||||
self.files[filename] = ''
|
self.files[filename] = ''
|
||||||
|
|
||||||
def get_volume_file(self, filename, mode='r'):
|
def get_volume_file(self, filename, mode='r'):
|
||||||
|
if filename in REAL_FILES:
|
||||||
|
return open(filename, mode=mode)
|
||||||
|
|
||||||
return StringIO(self.files[filename])
|
return StringIO(self.files[filename])
|
||||||
|
|
||||||
def requires_restart(self, app_config):
|
def requires_restart(self, app_config):
|
||||||
|
|
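Review bot: `volume_file_exists` returns True for anything in `REAL_FILES` without looking at the disk, while `get_volume_file` opens the same relative path against the current working directory. When tests run from another directory, the signer's "Missing key file" check passes and the failure appears later as an IOError from `open`. In the `REAL_FILES` branch, prefer `return os.path.exists(filename)` (assuming `os` is imported in this file, which the hunks do not show), and add a comment on `REAL_FILES` saying the paths are relative to the repository root. The two branches of `get_volume_file` also return different kinds of object. The new signer code uses the result in a `with` statement, which the `StringIO` imported from the Python 2 `StringIO` module does not support, so only the whitelisted files work on that path.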
|
@ -9,7 +9,7 @@ from StringIO import StringIO
|
||||||
|
|
||||||
class GPG2Signer(object):
|
class GPG2Signer(object):
|
||||||
""" Helper class for signing data using GPG2. """
|
""" Helper class for signing data using GPG2. """
|
||||||
def __init__(self, config, key_directory):
|
def __init__(self, config, config_provider):
|
||||||
if not config.get('GPG2_PRIVATE_KEY_NAME'):
|
if not config.get('GPG2_PRIVATE_KEY_NAME'):
|
||||||
raise Exception('Missing configuration key GPG2_PRIVATE_KEY_NAME')
|
raise Exception('Missing configuration key GPG2_PRIVATE_KEY_NAME')
|
||||||
|
|
||||||
|
@ -22,22 +22,21 @@ class GPG2Signer(object):
|
||||||
self._ctx = gpgme.Context()
|
self._ctx = gpgme.Context()
|
||||||
self._ctx.armor = True
|
self._ctx.armor = True
|
||||||
self._private_key_name = config['GPG2_PRIVATE_KEY_NAME']
|
self._private_key_name = config['GPG2_PRIVATE_KEY_NAME']
|
||||||
self._public_key_path = os.path.join(key_directory, config['GPG2_PUBLIC_KEY_FILENAME'])
|
self._public_key_filename = config['GPG2_PUBLIC_KEY_FILENAME']
|
||||||
|
self._config_provider = config_provider
|
||||||
|
|
||||||
key_file = os.path.join(key_directory, config['GPG2_PRIVATE_KEY_FILENAME'])
|
if not config_provider.volume_file_exists(config['GPG2_PRIVATE_KEY_FILENAME']):
|
||||||
if not os.path.exists(key_file):
|
raise Exception('Missing key file %s' % config['GPG2_PRIVATE_KEY_FILENAME'])
|
||||||
raise Exception('Missing key file %s' % key_file)
|
|
||||||
|
|
||||||
with open(key_file, 'rb') as fp:
|
with config_provider.get_volume_file(config['GPG2_PRIVATE_KEY_FILENAME'], mode='rb') as fp:
|
||||||
self._ctx.import_(fp)
|
self._ctx.import_(fp)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def name(self):
|
def name(self):
|
||||||
return 'gpg2'
|
return 'gpg2'
|
||||||
|
|
||||||
@property
|
def open_public_key_file(self):
|
||||||
def public_key_path(self):
|
return self._config_provider.get_volume_file(self._public_key_filename, mode='rb')
|
||||||
return self._public_key_path
|
|
||||||
|
|
||||||
def detached_sign(self, stream):
|
def detached_sign(self, stream):
|
||||||
""" Signs the given stream, returning the signature. """
|
""" Signs the given stream, returning the signature. """
|
||||||
|
@ -54,14 +53,14 @@ class GPG2Signer(object):
|
||||||
|
|
||||||
|
|
||||||
class Signer(object):
|
class Signer(object):
|
||||||
def __init__(self, app=None, key_directory=None):
|
def __init__(self, app=None, config_provider=None):
|
||||||
self.app = app
|
self.app = app
|
||||||
if app is not None:
|
if app is not None:
|
||||||
self.state = self.init_app(app, key_directory)
|
self.state = self.init_app(app, config_provider)
|
||||||
else:
|
else:
|
||||||
self.state = None
|
self.state = None
|
||||||
|
|
||||||
def init_app(self, app, key_directory):
|
def init_app(self, app, config_provider):
|
||||||
preference = app.config.get('SIGNING_ENGINE', None)
|
preference = app.config.get('SIGNING_ENGINE', None)
|
||||||
if preference is None:
|
if preference is None:
|
||||||
return None
|
return None
|
||||||
|
|
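Review bot: `GPG2Signer.__init__` checks only the private key through `volume_file_exists`, while `GPG2_PUBLIC_KEY_FILENAME` is stored unchecked. A missing or misnamed public key is therefore found only when `open_public_key_file()` is first called while serving a request. Add the same guard at construction: `if not config_provider.volume_file_exists(config['GPG2_PUBLIC_KEY_FILENAME']):` followed by `raise Exception('Missing key file %s' % config['GPG2_PUBLIC_KEY_FILENAME'])`. `open_public_key_file` also needs a docstring saying that it returns a newly opened binary handle from the config provider and that the caller is responsible for closing it. The class body continues outside the hunks shown, so other uses of the old `public_key_path` property cannot be ruled out from this page.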