Pull out signing validation into validator class

util/config/validator.py

@@ -1,6 +1,5 @@
 import logging
 
-from StringIO import StringIO
 from hashlib import sha1
 
 import peewee
@@ -16,7 +15,6 @@ from oauth.services.github import GithubOAuthService
 from oauth.services.google import GoogleOAuthService
 from oauth.services.gitlab import GitLabOAuthService
 from util.registry.torrent import torrent_jwt
-from util.security.signing import SIGNING_ENGINES
 from util.security.ssl import load_certificate, CertInvalidException, KeyInvalidException
 
 from util.config.validators.validate_database import DatabaseValidator
@@ -27,6 +25,7 @@ from util.config.validators.validate_ldap import LDAPValidator
 from util.config.validators.validate_keystone import KeystoneValidator
 from util.config.validators.validate_jwt import JWTAuthValidator
 from util.config.validators.validate_secscan import SecurityScannerValidator
+from util.config.validators.validate_signer import SignerValidator
 
 logger = logging.getLogger(__name__)
 
@@ -234,18 +233,6 @@ def _validate_ssl(config, user_obj, _):
     raise ConfigValidationException('SSL private key failed to validate: %s' % kie.message)
 
 
-def _validate_signer(config, user_obj, _):
-  """ Validates the GPG public+private key pair used for signing converted ACIs. """
-  if config.get('SIGNING_ENGINE') is None:
-    return
-
-  if config['SIGNING_ENGINE'] not in SIGNING_ENGINES:
-    raise ConfigValidationException('Unknown signing engine: %s' % config['SIGNING_ENGINE'])
-
-  engine = SIGNING_ENGINES[config['SIGNING_ENGINE']](config, config_provider)
-  engine.detached_sign(StringIO('test string'))
-
-
 def _validate_bittorrent(config, user_obj, _):
   """ Validates the configuration for using BitTorrent for downloads. """
   announce_url = config.get('BITTORRENT_ANNOUNCE_URL')
@@ -301,7 +288,7 @@ VALIDATORS = {
   LDAPValidator.name: LDAPValidator.validate,
   JWTAuthValidator.name: JWTAuthValidator.validate,
   KeystoneValidator.name: KeystoneValidator.validate,
-  'signer': _validate_signer,
+  SignerValidator.name: SignerValidator.validate,
   SecurityScannerValidator.name: SecurityScannerValidator.validate,
   'bittorrent': _validate_bittorrent,
 }

util/config/validators/test/test_validate_signer.py

@@ -0,0 +1,17 @@
+import pytest
+
+from util.config.validators import ConfigValidationException
+from util.config.validators.validate_signer import SignerValidator
+
+@pytest.mark.parametrize('unvalidated_config,expected', [
+  ({}, None),
+  ({'SIGNING_ENGINE': 'foobar'}, ConfigValidationException),
+  ({'SIGNING_ENGINE': 'gpg2'}, Exception),
+])
+def test_validate_signer(unvalidated_config,expected):
+  validator = SignerValidator()
+  if expected is not None:
+    with pytest.raises(expected):
+      validator.validate(unvalidated_config, None, None)
+  else:
+    validator.validate(unvalidated_config, None, None)

util/config/validators/validate_signer.py

@@ -0,0 +1,20 @@
+from StringIO import StringIO
+
+from app import config_provider
+from util.config.validators import BaseValidator, ConfigValidationException
+from util.security.signing import SIGNING_ENGINES
+
+class SignerValidator(BaseValidator):
+  name = "signer"
+
+  @classmethod
+  def validate(cls, config, user, user_password):
+    """ Validates the GPG public+private key pair used for signing converted ACIs. """
+    if config.get('SIGNING_ENGINE') is None:
+      return
+
+    if config['SIGNING_ENGINE'] not in SIGNING_ENGINES:
+      raise ConfigValidationException('Unknown signing engine: %s' % config['SIGNING_ENGINE'])
+
+    engine = SIGNING_ENGINES[config['SIGNING_ENGINE']](config, config_provider)
+    engine.detached_sign(StringIO('test string'))