import pytest
from pulp_smash.pulp3.bindings import monitor_task
from pulpcore.client.pulp_container import RepositorySign
from pulp_container.constants import SIGNATURE_TYPE
from pulp_container.tests.functional.constants import REGISTRY_V2_REPO_PULP
# Tag of the upstream test image. The ``distribution`` fixture pushes the image
# under this same tag, and the test expects the signed repository version to
# expose exactly this tag.
MANIFEST_TAG: str = "manifest_a"
@pytest.fixture
def distribution(registry_client, local_registry, container_distribution_api, add_to_cleanup):
    """Provide a distribution that references a repository of the push type.

    The upstream image ``REGISTRY_V2_REPO_PULP:MANIFEST_TAG`` is pulled, then
    re-tagged and pushed to the local registry as ``test-1:MANIFEST_TAG``. The
    distribution named ``test-1`` is looked up afterwards and registered for
    cleanup before being handed to the test.
    """
    upstream_image = f"{REGISTRY_V2_REPO_PULP}:{MANIFEST_TAG}"
    local_image = f"test-1:{MANIFEST_TAG}"

    registry_client.pull(upstream_image)
    local_registry.tag_and_push(upstream_image, local_image)

    # The first match for the name is used; an empty result list raises
    # IndexError here, which surfaces a failed push as a fixture error.
    matches = container_distribution_api.list(name="test-1").results
    pushed_distribution = matches[0]

    add_to_cleanup(container_distribution_api, pushed_distribution.pulp_href)
    return pushed_distribution
def test_sign_manifest(
    signing_gpg_metadata,
    distribution,
    signing_service,
    container_push_repository_api,
    container_signature_api,
    container_tag_api,
    container_manifest_api,
):
    """Check that a push repository can be signed through a signing service.

    The test triggers the repository ``sign`` task and then inspects the
    resulting signature record: its key id, its type and the manifest it is
    attached to.

    Scope note: only signature *metadata* is asserted. Nothing here verifies
    the signature payload cryptographically against the signing key, so a
    passing run shows that a record with the expected fields was created, not
    that the signature itself validates.
    """
    # Only the third element of the GPG metadata tuple is needed.
    _, _, expected_key_id = signing_gpg_metadata

    sign_request = RepositorySign(signing_service.pulp_href)
    sign_response = container_push_repository_api.sign(distribution.repository, sign_request)

    # Block until the signing task finishes. The first created resource is
    # passed on as the repository version to query tags for.
    new_resources = monitor_task(sign_response.task).created_resources
    new_version_href = new_resources[0]

    tag_page = container_tag_api.list(repository_version=new_version_href)
    assert tag_page.count == 1
    signed_tag = tag_page.results[0]
    assert signed_tag.name == MANIFEST_TAG

    # NOTE(review): this listing is unfiltered, so the count check presumably
    # relies on no other signatures existing in the test environment - confirm.
    signature_page = container_signature_api.list()
    assert signature_page.count == 1
    created_signature = signature_page.results[0]

    # The record must name the key of the signing service and use the
    # expected signature type.
    assert created_signature.key_id == expected_key_id
    assert created_signature.type == SIGNATURE_TYPE.ATOMIC_SHORT

    # The signature must point at the manifest behind the tag, and its name
    # must begin with that manifest's digest.
    tagged_manifest = container_manifest_api.read(signed_tag.tagged_manifest)
    assert created_signature.signed_manifest == tagged_manifest.pulp_href
    assert created_signature.name.startswith(tagged_manifest.digest)