Skip to content

Commit

Permalink
fix signing problems
Browse files Browse the repository at this point in the history
No-Issue
  • Loading branch information
chr-stian committed Nov 20, 2023
1 parent 53ca1a6 commit ffe1aa3
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 16 deletions.
19 changes: 9 additions & 10 deletions galaxy_ng/tests/integration/api/test_load_data.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,15 @@
import pytest

from galaxy_ng.tests.integration.conftest import is_hub_4_7_or_higher
from galaxy_ng.tests.integration.utils.iqe_utils import sign_collection_on_demand
from galaxy_ng.tests.integration.utils.repo_management_utils import create_repo_and_dist, \
upload_new_artifact
from galaxykit.collections import sign_collection, deprecate_collection, \
from galaxykit.collections import deprecate_collection, \
move_or_copy_collection
from galaxykit.containers import create_container, delete_container
from galaxykit.namespaces import add_group
from galaxykit.registries import create_registry, delete_registry
from galaxykit.remotes import create_remote, update_remote
from galaxykit.repositories import get_repository_href
from galaxykit.roles import put_update_role
from galaxykit.users import update_user
from galaxykit.utils import GalaxyClientError, wait_for_task
Expand Down Expand Up @@ -66,14 +66,16 @@ def test_load_data(self, galaxy_client, data, ansible_config):
create_repo_and_dist(gc, repo["name"])
except GalaxyClientError as e:
if "This field must be unique" in e.response.text:
logger.debug(f"Repository {repo['name']} already exists. Not a problem.")
logger.debug(
f"Repository {repo['name']} already exists. Not a problem.")
else:
raise e

for remote in data["remotes"]:
try:
logger.debug(f"Creating remote {remote['name']}")
create_remote(gc, remote["name"], remote["url"])
create_remote(gc, remote["name"], remote["url"], remote["signed_only"],
remote["tls_validation"])
except GalaxyClientError as e:
if "This field must be unique" in e.response.text:
logger.debug(f"Remote {remote['name']} already exists. Updating it.")
Expand All @@ -93,17 +95,14 @@ def test_load_data(self, galaxy_client, data, ansible_config):
artifact = upload_new_artifact(
gc, collection["namespace"], collection["repository"],
collection["version"], collection["name"])
collection_resp_1 = gc.get(
f"pulp/api/v3/content/ansible/collection_versions/?name={artifact.name}"
)
move_or_copy_collection(gc, artifact.namespace, artifact.name,
artifact.version, "staging",
destination=collection["repository"])
if collection["signed"]:
logger.debug("Signing collection")
repo_pulp_href = get_repository_href(gc, collection["repository"])
sign_collection(gc, collection_resp_1["results"][0]["pulp_href"],
repo_pulp_href)
sign_collection_on_demand(
gc, "ansible-default", collection["repository"],
artifact.namespace, artifact.name, artifact.version)
if collection["deprecated"]:
logger.debug("Deprecating collection")
deprecate_collection(gc, collection["namespace"], artifact.name,
Expand Down
17 changes: 12 additions & 5 deletions galaxy_ng/tests/integration/api/test_verify_data.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@
import pytest

from galaxy_ng.tests.integration.conftest import is_hub_4_7_or_higher
from galaxy_ng.tests.integration.utils.iqe_utils import is_upgrade_from_aap23_hub46
from galaxy_ng.tests.integration.utils.iqe_utils import is_upgrade_from_aap23_hub46, \
galaxy_auto_sign_collections
from galaxy_ng.tests.integration.utils.repo_management_utils import search_collection_endpoint
from galaxykit.collections import collection_info
from galaxykit.groups import get_group_id
Expand Down Expand Up @@ -66,14 +67,20 @@ def test_verify_data_collections(self, galaxy_client, data, ansible_config):
assert actual_col["version"] == expected_col["version"]
assert actual_col["name"] == expected_name
assert actual_col["namespace"]["name"] == expected_col["namespace"]
if expected_col["signed"]:
assert len(actual_col["signatures"]) > 0
if not galaxy_auto_sign_collections():
if expected_col["signed"]:
assert len(actual_col["signatures"]) > 0
else:
assert len(actual_col["signatures"]) == 0
else:
assert len(actual_col["signatures"]) == 0
assert len(actual_col["signatures"]) > 0
if is_hub_4_7_or_higher(ansible_config):
_, actual_col = search_collection_endpoint(gc, name=expected_name)
assert actual_col[0]["is_deprecated"] == expected_col["deprecated"]
assert actual_col[0]["is_signed"] == expected_col["signed"]
if galaxy_auto_sign_collections():
assert actual_col[0]["is_signed"] is True
else:
assert actual_col[0]["is_signed"] == expected_col["signed"]
assert actual_col[0]["cv_name"] == expected_name
assert actual_col[0]["cv_version"] == expected_col["version"]
assert actual_col[0]["repo_name"] == expected_col["repository"]
Expand Down
2 changes: 1 addition & 1 deletion galaxy_ng/tests/integration/load_data.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -87,5 +87,5 @@ execution_environments:

remote_registries:
- name: remote_registry_1
url: https//remote2.registry1.com
url: https://remote2.registry1.com

22 changes: 22 additions & 0 deletions galaxy_ng/tests/integration/utils/iqe_utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -670,3 +670,25 @@ def require_signature_for_approval():
api_client = get_client(config)
settings = api_client("_ui/v1/settings/")
return settings.get("GALAXY_REQUIRE_SIGNATURE_FOR_APPROVAL")


def sign_collection_on_demand(client, signing_service, repo, ns, collection_name,
collection_version):
# to be moved to galaxykit
sign_url = "_ui/v1/collection_signing/"
sign_payload = {
"signing_service": signing_service,
"distro_base_path": repo,
"namespace": ns,
"collection": collection_name,
"version": collection_version,
}
client.post(sign_url, sign_payload)


def galaxy_auto_sign_collections():
ansible_config = get_ansible_config()
config = ansible_config("admin")
api_client = get_client(config)
settings = api_client("_ui/v1/settings/")
return settings.get("GALAXY_AUTO_SIGN_COLLECTIONS")

0 comments on commit ffe1aa3

Please sign in to comment.