Change Signer to use the config provider and fix tests

Fixes the broken ACI tests
Joseph Schorr 2016-05-23 17:10:03 -04:00
parent 5568cc77b8
commit f670c4c7a9
5 changed files with 23 additions and 16 deletions

2
app.py

@ -177,7 +177,7 @@ build_logs = BuildLogs(app)
authentication = UserAuthentication(app, config_provider, OVERRIDE_CONFIG_DIRECTORY) authentication = UserAuthentication(app, config_provider, OVERRIDE_CONFIG_DIRECTORY)
userevents = UserEventsBuilderModule(app) userevents = UserEventsBuilderModule(app)
superusers = SuperUserManager(app) superusers = SuperUserManager(app)
signer = Signer(app, OVERRIDE_CONFIG_DIRECTORY) signer = Signer(app, config_provider)
start_cloudwatch_sender(metric_queue, app) start_cloudwatch_sender(metric_queue, app)
tf = app.config['DB_TRANSACTION_FACTORY'] tf = app.config['DB_TRANSACTION_FACTORY']


@ -105,7 +105,7 @@ def aci_signing_key():
if not signer.name: if not signer.name:
abort(404) abort(404)
return send_file(signer.public_key_path) return send_file(signer.open_public_key_file())
@web.route('/plans/') @web.route('/plans/')
@no_cache @no_cache


@ -70,8 +70,8 @@ class TestConfig(DefaultConfig):
SIGNING_ENGINE = 'gpg2' SIGNING_ENGINE = 'gpg2'
GPG2_PRIVATE_KEY_NAME = 'EEB32221' GPG2_PRIVATE_KEY_NAME = 'EEB32221'
GPG2_PRIVATE_KEY_FILENAME = '/test/data/signing-private.gpg' GPG2_PRIVATE_KEY_FILENAME = 'test/data/signing-private.gpg'
GPG2_PUBLIC_KEY_FILENAME = '/test/data/signing-public.gpg' GPG2_PUBLIC_KEY_FILENAME = 'test/data/signing-public.gpg'
JWT_AUTH_CERTIFICATE_PATH = 'test/data/registry_v2_auth.crt' JWT_AUTH_CERTIFICATE_PATH = 'test/data/registry_v2_auth.crt'
JWT_AUTH_PRIVATE_KEY_PATH = 'test/data/registry_v2_auth_private.key' JWT_AUTH_PRIVATE_KEY_PATH = 'test/data/registry_v2_auth_private.key'


@ -3,6 +3,8 @@ from StringIO import StringIO
from util.config.provider.baseprovider import BaseProvider from util.config.provider.baseprovider import BaseProvider
REAL_FILES = ['test/data/signing-private.gpg', 'test/data/signing-public.gpg']
class TestConfigProvider(BaseProvider): class TestConfigProvider(BaseProvider):
""" Implementation of the config provider for testing. Everything is kept in-memory instead on """ Implementation of the config provider for testing. Everything is kept in-memory instead on
the real file system. """ the real file system. """
@ -36,12 +38,18 @@ class TestConfigProvider(BaseProvider):
return True return True
def volume_file_exists(self, filename): def volume_file_exists(self, filename):
if filename in REAL_FILES:
return True
return filename in self.files return filename in self.files
def save_volume_file(self, filename, flask_file): def save_volume_file(self, filename, flask_file):
self.files[filename] = '' self.files[filename] = ''
def get_volume_file(self, filename, mode='r'): def get_volume_file(self, filename, mode='r'):
if filename in REAL_FILES:
return open(filename, mode=mode)
return StringIO(self.files[filename]) return StringIO(self.files[filename])
def requires_restart(self, app_config): def requires_restart(self, app_config):
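Review bot: `volume_file_exists` returns True for every name in REAL_FILES without checking the disk, so a missing or moved fixture surfaces as an IOError from `open(filename, mode=mode)` in get_volume_file instead of the signer's "Missing key file" error. Returning `os.path.exists(filename)` for those names would keep the two methods consistent (this needs `os` in scope; the file's full import list is not visible here). The REAL_FILES paths are relative, so both methods depend on the tests running from the repository root. A comment on REAL_FILES along the lines of `# Fixtures read from disk, relative to the repo root; keep in sync with the GPG2_*_FILENAME values in TestConfig` would document that coupling.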


@ -9,7 +9,7 @@ from StringIO import StringIO
class GPG2Signer(object): class GPG2Signer(object):
""" Helper class for signing data using GPG2. """ """ Helper class for signing data using GPG2. """
def __init__(self, config, key_directory): def __init__(self, config, config_provider):
if not config.get('GPG2_PRIVATE_KEY_NAME'): if not config.get('GPG2_PRIVATE_KEY_NAME'):
raise Exception('Missing configuration key GPG2_PRIVATE_KEY_NAME') raise Exception('Missing configuration key GPG2_PRIVATE_KEY_NAME')
@ -22,22 +22,21 @@ class GPG2Signer(object):
self._ctx = gpgme.Context() self._ctx = gpgme.Context()
self._ctx.armor = True self._ctx.armor = True
self._private_key_name = config['GPG2_PRIVATE_KEY_NAME'] self._private_key_name = config['GPG2_PRIVATE_KEY_NAME']
self._public_key_path = os.path.join(key_directory, config['GPG2_PUBLIC_KEY_FILENAME']) self._public_key_filename = config['GPG2_PUBLIC_KEY_FILENAME']
self._config_provider = config_provider
key_file = os.path.join(key_directory, config['GPG2_PRIVATE_KEY_FILENAME']) if not config_provider.volume_file_exists(config['GPG2_PRIVATE_KEY_FILENAME']):
if not os.path.exists(key_file): raise Exception('Missing key file %s' % config['GPG2_PRIVATE_KEY_FILENAME'])
raise Exception('Missing key file %s' % key_file)
with open(key_file, 'rb') as fp: with config_provider.get_volume_file(config['GPG2_PRIVATE_KEY_FILENAME'], mode='rb') as fp:
self._ctx.import_(fp) self._ctx.import_(fp)
@property @property
def name(self): def name(self):
return 'gpg2' return 'gpg2'
@property def open_public_key_file(self):
def public_key_path(self): return self._config_provider.get_volume_file(self._public_key_filename, mode='rb')
return self._public_key_path
def detached_sign(self, stream): def detached_sign(self, stream):
""" Signs the given stream, returning the signature. """ """ Signs the given stream, returning the signature. """
@ -54,14 +53,14 @@ class GPG2Signer(object):
class Signer(object): class Signer(object):
def __init__(self, app=None, key_directory=None): def __init__(self, app=None, config_provider=None):
self.app = app self.app = app
if app is not None: if app is not None:
self.state = self.init_app(app, key_directory) self.state = self.init_app(app, config_provider)
else: else:
self.state = None self.state = None
def init_app(self, app, key_directory): def init_app(self, app, config_provider):
preference = app.config.get('SIGNING_ENGINE', None) preference = app.config.get('SIGNING_ENGINE', None)
if preference is None: if preference is None:
return None return None
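Review bot: In the second hunk, GPG2Signer.__init__ calls `volume_file_exists` only for GPG2_PRIVATE_KEY_FILENAME, while GPG2_PUBLIC_KEY_FILENAME is stored unchecked. A missing or misnamed public key is therefore only discovered when `open_public_key_file()` is called while serving a request. Adding the same startup check for the public key, `if not config_provider.volume_file_exists(config['GPG2_PUBLIC_KEY_FILENAME']): raise Exception('Missing key file %s' % config['GPG2_PUBLIC_KEY_FILENAME'])`, would fail fast instead. `open_public_key_file` also returns an open handle with no docstring; something like `""" Returns the public key as an open binary file object; the caller is responsible for closing it. """` would make the ownership explicit. The body of init_app continues outside the last hunk.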