vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

initial import for Open Source 🎉

Browse source
This commit is contained in:
Jimmy Zelinskie 2019-11-12 11:09:47 -05:00
parent 1898c361f3
commit 9c0dd3b722
2048 changed files with 218743 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

0
util/tufmetadata/__init__.py Normal file
View file

291
util/tufmetadata/api.py Normal file
View file

@ -0,0 +1,291 @@
import logging
from urlparse import urljoin
from posixpath import join
from abc import ABCMeta, abstractmethod
from six import add_metaclass
import requests
from data.database import CloseForLongOperation
from util.abchelpers import nooper
from util.failover import failover, FailoverException
from util.security.instancekeys import InstanceKeys
from util.security.registry_jwt import (build_context_and_subject, generate_bearer_token,
SIGNER_TUF_ROOT)
DEFAULT_HTTP_HEADERS = {'Connection': 'close'}
MITM_CERT_PATH = '/conf/mitm.cert'
TOKEN_VALIDITY_LIFETIME_S = 60 * 60 # 1 hour
logger = logging.getLogger(__name__)
class InvalidMetadataException(Exception):
""" Exception raised when the upstream API metadata that doesn't parse correctly. """
pass
class Non200ResponseException(Exception):
""" Exception raised when the upstream API returns a non-200 HTTP status code. """
def __init__(self, response):
super(Non200ResponseException, self).__init__()
self.response = response
class TUFMetadataAPI(object):
""" Helper class for talking to the TUF Metadata service (Apostille). """
def __init__(self, app, config, client=None):
feature_enabled = config.get('FEATURE_SIGNING', False)
if feature_enabled:
self.state = ImplementedTUFMetadataAPI(app, config, client=client)
else:
self.state = NoopTUFMetadataAPI()
def __getattr__(self, name):
return getattr(self.state, name, None)
@add_metaclass(ABCMeta)
class TUFMetadataAPIInterface(object):
""" Helper class for talking to the TUF Metadata service (Apostille). """
@abstractmethod
def get_default_tags_with_expiration(self, namespace, repository, targets_file=None):
"""
Gets the tag -> sha mappings for a repo, as well as the expiration of the signatures.
Does not verify the metadata, this is purely for display purposes.
Args:
namespace: namespace containing the repository
repository: the repo to get tags for
targets_file: the specific delegation to read from. Default: targets/releases.json
Returns:
targets, expiration or None, None
"""
pass
@abstractmethod
def get_all_tags_with_expiration(self, namespace, repository, targets_file=None, targets_map=None):
"""
Gets the tag -> sha mappings of all delegations for a repo, as well as the expiration of the signatures.
Does not verify the metadata, this is purely for display purposes.
Args:
namespace: namespace containing the repository
repository: the repo to get tags for
targets_file: the specific target or delegation to read from. Default: targets.json
Returns:
targets
"""
pass
@abstractmethod
def delete_metadata(self, namespace, repository):
"""
Deletes the TUF metadata for a repo
Args:
namespace: namespace containing the repository
repository: the repo to delete metadata for
Returns:
True if successful, False otherwise
"""
pass
@nooper
class NoopTUFMetadataAPI(TUFMetadataAPIInterface):
""" No-op version of the TUF API. """
pass
class ImplementedTUFMetadataAPI(TUFMetadataAPIInterface):
def __init__(self, app, config, client=None):
self._app = app
self._instance_keys = InstanceKeys(app)
self._config = config
self._client = client or config['HTTPCLIENT']
self._gun_prefix = config['TUF_GUN_PREFIX'] or config['SERVER_HOSTNAME']
def get_default_tags_with_expiration(self, namespace, repository, targets_file=None):
"""
Gets the tag -> sha mappings for a repo, as well as the expiration of the signatures.
Does not verify the metadata, this is purely for display purposes.
Args:
namespace: namespace containing the repository
repository: the repo to get tags for
targets_file: the specific delegation to read from. Default: targets/releases.json
Returns:
targets, expiration or None, None
"""
if not targets_file:
targets_file = 'targets/releases.json'
signed = self._get_signed(namespace, repository, targets_file)
if not signed:
return None, None
return signed.get('targets'), signed.get('expires')
def get_all_tags_with_expiration(self, namespace, repository, targets_file=None, targets_map=None):
"""
Gets the tag -> sha mappings of all delegations for a repo, as well as the expiration of the signatures.
Does not verify the metadata, this is purely for display purposes.
Args:
namespace: namespace containing the repository
repository: the repo to get tags for
targets_file: the specific target or delegation to read from. Default: targets.json
Returns:
targets
"""
if not targets_file:
targets_file = 'targets.json'
targets_name = targets_file
if targets_name.endswith('.json'):
targets_name = targets_name[:-5]
if not targets_map:
targets_map = {}
signed = self._get_signed(namespace, repository, targets_file)
if not signed:
targets_map[targets_name] = None
return targets_map
if signed.get('targets'):
targets_map[targets_name] = {
'targets': signed.get('targets'),
'expiration': signed.get('expires'),
}
delegation_names = [role.get('name') for role in signed.get('delegations').get('roles')]
for delegation in delegation_names:
targets_map = self.get_all_tags_with_expiration(namespace, repository, targets_file=delegation + '.json', targets_map=targets_map)
return targets_map
def delete_metadata(self, namespace, repository):
"""
Deletes the TUF metadata for a repo
Args:
namespace: namespace containing the repository
repository: the repo to delete metadata for
Returns:
True if successful, False otherwise
"""
gun = self._gun(namespace, repository)
try:
self._delete(gun)
except requests.exceptions.Timeout:
logger.exception('Timeout when trying to delete metadata for %s', gun)
return False
except requests.exceptions.ConnectionError:
logger.exception('Connection error when trying to delete metadata for %s', gun)
return False
except (requests.exceptions.RequestException, ValueError):
logger.exception('Failed to delete metadata for %s', gun)
return False
except Non200ResponseException as ex:
logger.exception('Failed request for %s: %s %s', gun, ex.response, str(ex))
return False
return True
def _gun(self, namespace, repository):
return join(self._gun_prefix, namespace, repository)
def _get_signed(self, namespace, repository, targets_file):
gun = self._gun(namespace, repository)
try:
response = self._get(gun, targets_file)
signed = self._parse_signed(response.json())
return signed
except requests.exceptions.Timeout:
logger.exception('Timeout when trying to get metadata for %s', gun)
except requests.exceptions.ConnectionError:
logger.exception('Connection error when trying to get metadata for %s', gun)
except (requests.exceptions.RequestException, ValueError):
logger.exception('Failed to get metadata for %s', gun)
except Non200ResponseException as ex:
logger.exception('Failed request for %s: %s %s', gun, ex.response, str(ex))
except InvalidMetadataException as ex:
logger.exception('Failed to parse targets from metadata: %s', str(ex))
return None
def _parse_signed(self, json_response):
""" Attempts to parse the targets from a metadata response """
signed = json_response.get('signed')
if not signed:
raise InvalidMetadataException("Could not find `signed` in metadata: %s" % json_response)
return signed
def _auth_header(self, gun, actions):
""" Generate a registry auth token for apostille"""
access = [{
'type': 'repository',
'name': gun,
'actions': actions,
}]
context, subject = build_context_and_subject(auth_context=None, tuf_roots={gun: SIGNER_TUF_ROOT})
token = generate_bearer_token(self._config["SERVER_HOSTNAME"], subject, context, access,
TOKEN_VALIDITY_LIFETIME_S, self._instance_keys)
return {'Authorization': 'Bearer %s' % token}
def _get(self, gun, metadata_file):
return self._call('GET', '/v2/%s/_trust/tuf/%s' % (gun, metadata_file), headers=self._auth_header(gun, ['pull']))
def _delete(self, gun):
return self._call('DELETE', '/v2/%s/_trust/tuf/' % (gun), headers=self._auth_header(gun, ['*']))
def _request(self, method, endpoint, path, body, headers, params, timeout):
""" Issues an HTTP request to the signing endpoint. """
url = urljoin(endpoint, path)
logger.debug('%sing signing URL %s', method.upper(), url)
headers.update(DEFAULT_HTTP_HEADERS)
resp = self._client.request(method, url, json=body, params=params, timeout=timeout,
verify=True, headers=headers)
if resp.status_code // 100 != 2:
raise Non200ResponseException(resp)
return resp
def _call(self, method, path, params=None, body=None, headers=None):
""" Issues an HTTP request to signing service and handles failover for GET requests.
"""
timeout = self._config.get('TUF_API_TIMEOUT_SECONDS', 1)
endpoint = self._config['TUF_SERVER']
with CloseForLongOperation(self._config):
# If the request isn't a read do not fail over.
if method != 'GET':
return self._request(method, endpoint, path, body, headers, params, timeout)
# The request is read-only and can failover.
all_endpoints = [endpoint] + self._config.get('TUF_READONLY_FAILOVER_ENDPOINTS', [])
return _failover_read_request(*[((self._request, endpoint, path, body, headers, params, timeout), {})
for endpoint in all_endpoints])
@failover
def _failover_read_request(request_fn, endpoint, path, body, headers, params, timeout):
""" This function auto-retries read-only requests until they return a 2xx status code. """
try:
return request_fn('GET', endpoint, path, body, headers, params, timeout)
except (requests.exceptions.RequestException, Non200ResponseException) as ex:
raise FailoverException(ex)

248
util/tufmetadata/test/test_tufmetadata.py Normal file
View file

@ -0,0 +1,248 @@
import pytest
import requests
from mock import mock,patch
from flask import Flask
from test import testconfig
from test.fixtures import init_db_path
from util.tufmetadata import api
valid_response = {
'signed' : {
'type': 'Targets',
'delegations': {
'keys': {},
'roles': {},
},
'expires': '2020-03-30T18:55:26.594764859-04:00',
'targets': {
'latest': {
'hashes': {
'sha256': 'mLmxwTyUrqIRDaz8uaBapfrp3GPERfsDg2kiMujlteo='
},
'length': 1500
}
},
'version': 2
},
'signatures': [
{
'method': 'ecdsa',
'sig': 'yYnJGsYAYEL9PSwXisdG7JUEM1YK2IIKM147K3fWJthF4w+vl3xOm67r5ZNuDK6ss/Ff+x8yljZdT3sE/Hg5mw=='
}
]
}
valid_targets_with_delegation = {
"signed": {
"_type": "Targets",
"delegations": {
"keys": {
"5e71c65cb1ba794f253fa377c970a237799745adab92024522b12f5b2f1d3031": {
"keytype": "ecdsa-x509",
"keyval": {
"private": None,
"public": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUI4akNDQVppZ0F3SUJBZ0lVTDIxVm5aakZFZ0hFTjV5OFhHbUJZWi9ta1U4d0NnWUlLb1pJemowRUF3SXcKU0RFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CTVJZd0ZBWURWUVFIRXcxVFlXNGdSbkpoYm1OcApjMk52TVJRd0VnWURWUVFERXd0bGVHRnRjR3hsTG01bGREQWVGdzB4TnpBMU1Ea3dNVEkyTURCYUZ3MHhPREExCk1Ea3dNVEkyTURCYU1DUXhJakFnQmdOVkJBTVRHWE4wWVdkcGJtY3VjWFZoZVM1cGJ5OXhkV0Y1TDNGMVlYa3cKV1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVNmbVFSQmpJeUw2WHdoSW0zbnE4TEtLSXJqT3czVApmU2ZMUmMyQlhQeU9uS2EvandvaVdBdHlMSFdwcmlJNTlBM2ZtbmtHK1FUVlBlMkJGTUNrS0xMQ280R0RNSUdBCk1BNEdBMVVkRHdFQi93UUVBd0lGb0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREFUQU1CZ05WSFJNQkFmOEUKQWpBQU1CMEdBMVVkRGdRV0JCUk96NjFUS2wxd1B5aTJPdWJ3dmlURkZYVlB4REFmQmdOVkhTTUVHREFXZ0JSVgpBbGl0dVZWajF3RXIwaVZhMjcwN244S3htakFMQmdOVkhSRUVCREFDZ2dBd0NnWUlLb1pJemowRUF3SURTQUF3ClJRSWdHaVZGTUprNDNWYVBRNHJ0S1BhNGp3amIxcjF0b05vTE5KTzhlRU02OSs0Q0lRRHl1VXk5cFFwTXFmU3gKelRiNVB5SjJ0STI5bHdkem0yVUZsSDhRd0FPTnhRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
}
},
"78cf3c9de9d59f61391bfa183cfdc676ab4e9b179cf5c1c42019a5271d2542b0": {
"keytype": "ecdsa-x509",
"keyval": {
"private": None,
"public": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUIrVENDQWFDZ0F3SUJBZ0lVZkxPV0FzT2x5UjZaSVYxS1UrTW56K2pYekY4d0NnWUlLb1pJemowRUF3SXcKU0RFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CTVJZd0ZBWURWUVFIRXcxVFlXNGdSbkpoYm1OcApjMk52TVJRd0VnWURWUVFERXd0bGVHRnRjR3hsTG01bGREQWVGdzB4TnpBMU1UQXhPRFUxTURCYUZ3MHhPREExCk1UQXhPRFUxTURCYU1Dd3hLakFvQmdOVkJBTVRJWE4wWVdkcGJtY3VjWFZoZVM1cGJ5OXhkV0Y1TDNGMVlYa3QKYzNSaFoybHVaekJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCT2hnMCtxdTRtTHFPaEVQOC8zZAp0YXBMaHlwbHBoNGlaQkZMekpQNjlqTEJJSnN4aTdGTkxvZzBJY2tYQnNndmNRMFFEdE9XT3k0TFhBQ3Nqc0FzCndmQ2pnWU13Z1lBd0RnWURWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0dBUVVGQndNQk1Bd0cKQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZMNCtDVXBLYm5YeHU1OXRQbzE2aFNWK21hTE1NQjhHQTFVZApJd1FZTUJhQUZFbzA5QU9keGNwSnAxaVJZSyt0V1JOMlltSGZNQXNHQTFVZEVRUUVNQUtDQURBS0JnZ3Foa2pPClBRUURBZ05IQURCRUFpQTVLN20vb0g0clZTTTloUmFGc3lWUzhWVTlQNzhCVHJaZ2xERjFKSFFkblFJZ0thcTMKbzRLcjBoelRzMng3cFVtWFZlWW4xbGJaRlRaZXJ3QzhTcXhtVHBZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
}
},
"ada8b980813a887f007a1c42376c35a81cbba3b1090aae16cbffedb9004934c8": {
"keytype": "ecdsa-x509",
"keyval": {
"private": None,
"public": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUIrakNDQWFDZ0F3SUJBZ0lVTUdzU0hyMWZLK3htaG81STFJdStIcXEzbjZ3d0NnWUlLb1pJemowRUF3SXcKU0RFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CTVJZd0ZBWURWUVFIRXcxVFlXNGdSbkpoYm1OcApjMk52TVJRd0VnWURWUVFERXd0bGVHRnRjR3hsTG01bGREQWVGdzB4TnpBMU1UQXdNVEl4TURCYUZ3MHhPREExCk1UQXdNVEl4TURCYU1Dd3hLakFvQmdOVkJBTVRJWE4wWVdkcGJtY3VjWFZoZVM1cGJ5OXhkV0Y1TDNGMVlYa3QKYzNSaFoybHVaekJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCRlY4YVBhTjMzTE5HSWtMTVFnZwpJYjk1VzF5aGEvblpLYm1vdXF4c0VOdWhYZitUZmZnUjlIOVFsMHVIaVJQTzZWRFhKMU90K2h6eDk5SGVMdHRQClRCeWpnWU13Z1lBd0RnWURWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0dBUVVGQndNQk1Bd0cKQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZFZHVRVThaei83THUrdGxod0lyYWM0ZmFGNmVNQjhHQTFVZApJd1FZTUJhQUZEK21iblFMUXlHTmcxMFc2dUxHcDRGSldRNnBNQXNHQTFVZEVRUUVNQUtDQURBS0JnZ3Foa2pPClBRUURBZ05JQURCRkFpQlB6Z2x3OFYyaHhKWXM2WDFrNE9hb255bkx2b3hxbGJweFJtWkRaNmFwcGdJaEFJd1oKdmp1MFpQYjZuaGZWTkF5b3dNM09XdEFVYm95eEZCcDBxd2FYMzFYSgotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
}
},
"e2727632903bf9d0ac6856c6e4f8cb44f443c220ecf51e2fb6b465c7d85b9169": {
"keytype": "ecdsa-x509",
"keyval": {
"private": None,
"public": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUI4ekNDQVppZ0F3SUJBZ0lVWS9IdzVKL2lkTzA3M3BMR2U0b3BxZytpcVBrd0NnWUlLb1pJemowRUF3SXcKU0RFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CTVJZd0ZBWURWUVFIRXcxVFlXNGdSbkpoYm1OcApjMk52TVJRd0VnWURWUVFERXd0bGVHRnRjR3hsTG01bGREQWVGdzB4TnpBMU1Ea3hOekl6TURCYUZ3MHhPREExCk1Ea3hOekl6TURCYU1DUXhJakFnQmdOVkJBTVRHWE4wWVdkcGJtY3VjWFZoZVM1cGJ5OXhkV0Y1TDNGMVlYa3cKV1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVRrMFl0VmdWRHZpbnpwM1g3NHhOS0tKK2hldVptWgpqeWgwZnQ2Ny8yQ1NnU1MwLzVtRUNtR2dJbDc5WXlsV3VRdHZkYnFrSWVNWkU1M0RkQnlnZUcrcm80R0RNSUdBCk1BNEdBMVVkRHdFQi93UUVBd0lGb0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREFUQU1CZ05WSFJNQkFmOEUKQWpBQU1CMEdBMVVkRGdRV0JCUzM5TnNydHZndmhlL0hhQk1CSzdvQjZ4R3ZGVEFmQmdOVkhTTUVHREFXZ0JTdwoybDdYYkJsbXVYeTZvcGdNMGF0c3ViMWJOVEFMQmdOVkhSRUVCREFDZ2dBd0NnWUlLb1pJemowRUF3SURTUUF3ClJnSWhBSjNRdThUNWdPdzVKaVNyT3c2TEtBNnZnRGduKzNEMEJJYzB2UENzd05XbkFpRUE4VW93dVBoaFE0MEMKTFY3dkhDN0t1QTBULzZLY2dLT1Rpb1VNR2FFM2MzRT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="
}
}
},
"roles": [
{
"keyids": [
"e2727632903bf9d0ac6856c6e4f8cb44f443c220ecf51e2fb6b465c7d85b9169",
"ada8b980813a887f007a1c42376c35a81cbba3b1090aae16cbffedb9004934c8",
"78cf3c9de9d59f61391bfa183cfdc676ab4e9b179cf5c1c42019a5271d2542b0",
"5e71c65cb1ba794f253fa377c970a237799745adab92024522b12f5b2f1d3031"
],
"name": "targets/devs",
"paths": [
""
],
"threshold": 1
}
]
},
"expires": "2020-05-09T15:06:27.189711073-04:00",
"targets": {},
"version": 4
},
"signatures": [
{
"keyid": "3353687138116a5950603adbcb449e4e84e61523fb4a43c7dde33d1d2e40a934",
"method": "ecdsa",
"sig": "dbuUBGQ5FdcuRxzg9SCMQ7mym5w4xxdTezWqq9UTj4GHU75pEaTHo1oZEEud+ofI66gjA6hmqljdnOsEQ6CTYw=="
}
]
}
valid_delegation = {
"signed": {
"_type": "Targets",
"delegations": {
"keys": {},
"roles": []
},
"expires": "2020-05-09T15:25:05.840775035-04:00",
"targets": {
"191e5d9": {
"hashes": {
"sha256": "DE7i9XN+sd8vkdsJWSLlujKsATmTffzzhGBPsVYRFmg="
},
"length": 46683
},
"977ae7a": {
"hashes": {
"sha256": "a3e7naDPcCfMEJAv0JgmJ0h+qZQoGNDrdgwpN/5B5YY="
},
"length": 46682
},
"b96b871": {
"hashes": {
"sha256": "j662F+e+3eN5QBSaFLFj24khbfWIffz24f5HGLrkyvw="
},
"length": 46680
}
},
"version": 5
},
"signatures": [
{
"keyid": "78cf3c9de9d59f61391bfa183cfdc676ab4e9b179cf5c1c42019a5271d2542b0",
"method": "ecdsa",
"sig": "ZLW5DokQw3ipFGsS3I9d6xkUdFlKS1vuvtlR3/I9lGdQZUa+QfpdpiEhKIO92aTCsDZvBn1m4wwb0MukLH8fgA=="
}
]
}
@pytest.mark.parametrize('tuf_prefix,server_hostname,namespace,repo,gun', [
("quay.dev", "quay.io", "ns", "repo", "quay.dev/ns/repo"),
(None, "quay.io", "ns", "repo", "quay.io/ns/repo"),
("quay.dev/", "quay.io", "ns", "repo", "quay.dev/ns/repo"),
(None, "quay.io/", "ns", "repo", "quay.io/ns/repo"),
(None, "localhost:5000/", "ns", "repo", "localhost:5000/ns/repo"),
(None, "localhost:5000", "ns", "repo", "localhost:5000/ns/repo"),
])
def test_gun(tuf_prefix, server_hostname, namespace, repo, gun):
app = Flask(__name__)
app.config.from_object(testconfig.TestConfig())
app.config['TUF_GUN_PREFIX'] = tuf_prefix
app.config['SERVER_HOSTNAME'] = server_hostname
tuf_api = api.TUFMetadataAPI(app, app.config)
assert gun == tuf_api._gun(namespace, repo)
@pytest.mark.parametrize('response_code,response_body,expected', [
(200, valid_response, (valid_response['signed']['targets'], '2020-03-30T18:55:26.594764859-04:00')),
(200, {'garbage': 'data'}, (None, None))
])
def test_get_default_tags(response_code, response_body, expected):
app = Flask(__name__)
app.config.from_object(testconfig.TestConfig())
client = mock.Mock()
request = mock.Mock(status_code=response_code)
request.json.return_value = response_body
client.request.return_value = request
tuf_api = api.TUFMetadataAPI(app, app.config, client=client)
response = tuf_api.get_default_tags_with_expiration('quay', 'quay')
assert response == expected
@pytest.mark.parametrize('response_code,response_body1,response_body2,expected', [
(200, valid_targets_with_delegation, valid_delegation, {
'targets/devs': { 'targets': valid_delegation['signed']['targets'],
'expiration': valid_delegation['signed']['expires']}}),
(200, {'garbage': 'data'}, {'garbage': 'data'}, {'targets': None})
])
def test_get_all_tags(response_code, response_body1, response_body2, expected):
app = Flask(__name__)
app.config.from_object(testconfig.TestConfig())
client = mock.Mock()
request = mock.Mock(status_code=response_code)
request.json.side_effect = [response_body1, response_body2, {}, {}, {}, {}]
client.request.return_value = request
tuf_api = api.TUFMetadataAPI(app, app.config, client=client)
response = tuf_api.get_all_tags_with_expiration('quay', 'quay')
assert response == expected
@pytest.mark.parametrize('connection_error,response_code,exception', [
(True, 200, requests.exceptions.Timeout),
(True, 200, requests.exceptions.ConnectionError),
(False, 200, requests.exceptions.RequestException),
(False, 200, ValueError),
(True, 500, api.Non200ResponseException(mock.Mock(status_code=500))),
(False, 400, api.Non200ResponseException(mock.Mock(status_code=400))),
(False, 404, api.Non200ResponseException(mock.Mock(status_code=404))),
(False, 200, api.InvalidMetadataException)
])
def test_get_metadata_exception(connection_error, response_code, exception):
app = Flask(__name__)
app.config.from_object(testconfig.TestConfig())
request = mock.Mock(status_code=response_code)
client = mock.Mock(request=request)
client.request.side_effect = exception
tuf_api = api.TUFMetadataAPI(app, app.config, client=client)
tags, expiration = tuf_api.get_default_tags_with_expiration('quay', 'quay')
assert tags == None
assert expiration == None
@pytest.mark.parametrize('response_code,expected', [
(200, True),
(400, False),
(401, False),
])
def test_delete_metadata(response_code, expected):
app = Flask(__name__)
app.config.from_object(testconfig.TestConfig())
client = mock.Mock()
request = mock.Mock(status_code=response_code)
client.request.return_value = request
tuf_api = api.TUFMetadataAPI(app, app.config, client=client)
response = tuf_api.delete_metadata('quay', 'quay')
assert response == expected
@pytest.mark.parametrize('response_code,exception', [
(200, requests.exceptions.Timeout),
(200, requests.exceptions.ConnectionError),
(200, requests.exceptions.RequestException),
(200, ValueError),
(500, api.Non200ResponseException(mock.Mock(status_code=500))),
(400, api.Non200ResponseException(mock.Mock(status_code=400))),
(401, api.Non200ResponseException(mock.Mock(status_code=401))),
(404, api.Non200ResponseException(mock.Mock(status_code=404))),
])
def test_delete_metadata_exception(response_code, exception):
app = Flask(__name__)
app.config.from_object(testconfig.TestConfig())
request = mock.Mock(status_code=response_code)
client = mock.Mock(request=request)
client.request.side_effect = exception
tuf_api = api.TUFMetadataAPI(app, app.config, client=client)
response = tuf_api.delete_metadata('quay', 'quay')
assert response == False