From 5a4382088bf4afbbe6df6b3c3e5c83f940a2b236 Mon Sep 17 00:00:00 2001 From: Stepan Oksanichenko Date: Mon, 20 Jun 2022 10:20:00 +0000 Subject: [PATCH 01/10] Add 'cas_wrapper.py' Add cas wrapper --- cas_wrapper.py | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 cas_wrapper.py diff --git a/cas_wrapper.py b/cas_wrapper.py new file mode 100644 index 0000000..b4a154f --- /dev/null +++ b/cas_wrapper.py @@ -0,0 +1,66 @@ +import json + +from plumbum import local, ProcessExecutionError + + +class CasWrapper: + """ + The python wrapper around binary `cas` + from Codenotary Community Attestation Service + """ + + binary_name = 'cas' + + def __init__( + self, + cas_api_key: str, + cas_signer_id: str, + ): + if self.binary_name not in local: + raise FileNotFoundError( + 'Binary CAS is not found in PATH on the machine', + ) + self._cas_api_key = cas_api_key + self._cas_signer_id = cas_signer_id + with local.env( + CAS_API_KEY=self._cas_api_key, + SIGNER_ID=self._cas_signer_id + ): + self._cas = local['cas'] + self._cas('login') + + def notarize(self, local_git_repo_path: str) -> str: + """ + Wrapper around `cas notarize` + :param local_git_repo_path: path to a local Git repo + :return: hash of notarized commit + :rtype: str + """ + command = self._cas[ + 'notarize', + f'git://{local_git_repo_path}', + '-o', + 'json', + ] + result_of_execution = command() + return json.loads(result_of_execution)['hash'] + + def authenticate(self, local_git_repo_path: str) -> bool: + """ + Wrapper around `cas authenticate` + :param local_git_repo_path: path to a local Git repo + :return: true if a commit is trusted, vice versa - false + :rtype: bool + """ + command = self._cas[ + 'authenticate', + f'git://{local_git_repo_path}', + '-o', + 'json', + ] + try: + result_of_execution = command() + except ProcessExecutionError: + # in case if commit is untrusted + result_of_execution = command(retcode=1) + return not bool(json.loads(result_of_execution)['status']) -- 2.43.5 From 037aa1ad5e310fb8d475ebd22ee3feda12e8138c Mon Sep 17 00:00:00 2001 From: Stepan Oksanichenko Date: Mon, 20 Jun 2022 10:22:52 +0000 Subject: [PATCH 02/10] Update 'cas_wrapper.py' --- cas_wrapper.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cas_wrapper.py b/cas_wrapper.py index b4a154f..7bcd4f9 100644 --- a/cas_wrapper.py +++ b/cas_wrapper.py @@ -27,7 +27,7 @@ class CasWrapper: SIGNER_ID=self._cas_signer_id ): self._cas = local['cas'] - self._cas('login') + self._cas['login']() def notarize(self, local_git_repo_path: str) -> str: """ -- 2.43.5 From 1fcbac41b17457785ddae4a701fa6088ff6a1c3a Mon Sep 17 00:00:00 2001 From: Stepan Oksanichenko Date: Tue, 21 Jun 2022 06:41:45 +0000 Subject: [PATCH 03/10] Update 'cas_wrapper.py' --- cas_wrapper.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cas_wrapper.py b/cas_wrapper.py index 7bcd4f9..e1e20a9 100644 --- a/cas_wrapper.py +++ b/cas_wrapper.py @@ -38,7 +38,7 @@ class CasWrapper: """ command = self._cas[ 'notarize', - f'git://{local_git_repo_path}', + local_git_repo_path, '-o', 'json', ] -- 2.43.5 From 85764ae6554af003d1d6eab3a6b171e15d4b7477 Mon Sep 17 00:00:00 2001 From: soksanichenko Date: Tue, 21 Jun 2022 09:56:58 +0300 Subject: [PATCH 04/10] ALBS-443: Integrate CodeNotary with git updater tool - Additional metadata for notarizing --- cas_wrapper.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/cas_wrapper.py b/cas_wrapper.py index e1e20a9..e5990a4 100644 --- a/cas_wrapper.py +++ b/cas_wrapper.py @@ -45,19 +45,32 @@ class CasWrapper: result_of_execution = command() return json.loads(result_of_execution)['hash'] - def authenticate(self, local_git_repo_path: str) -> bool: + def authenticate( + self, + local_path: str, + metadata: dict = None, + ): """ Wrapper around `cas authenticate` - :param local_git_repo_path: path to a local Git repo + :param local_path: path to a local Git repo + (should be started from `git://`) + or to a single local file + :param metadata: additional metadata :return: true if a commit is trusted, vice versa - false :rtype: bool """ command = self._cas[ 'authenticate', - f'git://{local_git_repo_path}', + local_path, '-o', 'json', ] + if metadata is not None: + for key, value in metadata.items(): + command = command[ + '-a', + f'{key}={value}', + ] try: result_of_execution = command() except ProcessExecutionError: -- 2.43.5 From e25c5070b038b36a1fae14a1a49c8ffbf994a892 Mon Sep 17 00:00:00 2001 From: soksanichenko Date: Tue, 21 Jun 2022 09:57:29 +0300 Subject: [PATCH 05/10] ALBS-443: Integrate CodeNotary with git updater tool - Additional metadata for notarizing --- cas_wrapper.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cas_wrapper.py b/cas_wrapper.py index e5990a4..8cb648b 100644 --- a/cas_wrapper.py +++ b/cas_wrapper.py @@ -1,4 +1,5 @@ import json +from typing import Dict from plumbum import local, ProcessExecutionError @@ -48,7 +49,7 @@ class CasWrapper: def authenticate( self, local_path: str, - metadata: dict = None, + metadata: Dict = None, ): """ Wrapper around `cas authenticate` -- 2.43.5 From f46eef7df9e350d40f616acb855fbd6e8c76db02 Mon Sep 17 00:00:00 2001 From: soksanichenko Date: Tue, 21 Jun 2022 09:59:43 +0300 Subject: [PATCH 06/10] ALBS-443: Integrate CodeNotary with git updater tool - Additional metadata for notarizing --- cas_wrapper.py | 53 ++++++++++++++++++++++++++------------------------ 1 file changed, 28 insertions(+), 25 deletions(-) diff --git a/cas_wrapper.py b/cas_wrapper.py index 8cb648b..f58f303 100644 --- a/cas_wrapper.py +++ b/cas_wrapper.py @@ -30,38 +30,20 @@ class CasWrapper: self._cas = local['cas'] self._cas['login']() - def notarize(self, local_git_repo_path: str) -> str: + def notarize( + self, + local_path: str, + metadata: Dict = None, + ) -> str: """ Wrapper around `cas notarize` - :param local_git_repo_path: path to a local Git repo + :param local_path: path to a local Git repo + :param metadata: additional metadata :return: hash of notarized commit :rtype: str """ command = self._cas[ 'notarize', - local_git_repo_path, - '-o', - 'json', - ] - result_of_execution = command() - return json.loads(result_of_execution)['hash'] - - def authenticate( - self, - local_path: str, - metadata: Dict = None, - ): - """ - Wrapper around `cas authenticate` - :param local_path: path to a local Git repo - (should be started from `git://`) - or to a single local file - :param metadata: additional metadata - :return: true if a commit is trusted, vice versa - false - :rtype: bool - """ - command = self._cas[ - 'authenticate', local_path, '-o', 'json', @@ -72,6 +54,27 @@ class CasWrapper: '-a', f'{key}={value}', ] + result_of_execution = command() + return json.loads(result_of_execution)['hash'] + + def authenticate( + self, + local_path: str, + ): + """ + Wrapper around `cas authenticate` + :param local_path: path to a local Git repo + (should be started from `git://`) + or to a single local file + :return: true if a commit is trusted, vice versa - false + :rtype: bool + """ + command = self._cas[ + 'authenticate', + local_path, + '-o', + 'json', + ] try: result_of_execution = command() except ProcessExecutionError: -- 2.43.5 From 646b984d893170eb7b7313629ce7b496ed897a16 Mon Sep 17 00:00:00 2001 From: soksanichenko Date: Tue, 21 Jun 2022 11:04:31 +0300 Subject: [PATCH 07/10] ALBS-443: Integrate CodeNotary with git updater tool - Env vars with credentials --- cas_wrapper.py | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/cas_wrapper.py b/cas_wrapper.py index f58f303..8533dc9 100644 --- a/cas_wrapper.py +++ b/cas_wrapper.py @@ -54,7 +54,11 @@ class CasWrapper: '-a', f'{key}={value}', ] - result_of_execution = command() + with local.env( + CAS_API_KEY=self._cas_api_key, + SIGNER_ID=self._cas_signer_id + ): + result_of_execution = command() return json.loads(result_of_execution)['hash'] def authenticate( @@ -76,8 +80,16 @@ class CasWrapper: 'json', ] try: - result_of_execution = command() + with local.env( + CAS_API_KEY=self._cas_api_key, + SIGNER_ID=self._cas_signer_id + ): + result_of_execution = command() except ProcessExecutionError: - # in case if commit is untrusted - result_of_execution = command(retcode=1) + with local.env( + CAS_API_KEY=self._cas_api_key, + SIGNER_ID=self._cas_signer_id + ): + # in case if commit is untrusted + result_of_execution = command(retcode=1) return not bool(json.loads(result_of_execution)['status']) -- 2.43.5 From 576b7e0185f4b6b9cec15b73aec85a6e6c12c74b Mon Sep 17 00:00:00 2001 From: soksanichenko Date: Tue, 21 Jun 2022 13:40:16 +0300 Subject: [PATCH 08/10] ALBS-443: Integrate CodeNotary with git updater tool - setup.py --- pyproject.toml | 10 ++++++++++ setup.py | 24 ++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 pyproject.toml create mode 100644 setup.py diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..d2e099a --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,10 @@ +[build-system] +requires = [ + "setuptools>=42", + "wheel" +] +build-backend = "setuptools.build_meta" + +[project] +name = 'cas-wrapper' + diff --git a/setup.py b/setup.py new file mode 100644 index 0000000..d5c68cb --- /dev/null +++ b/setup.py @@ -0,0 +1,24 @@ +from setuptools import setup + +setup( + name="cas_wrapper", + version="0.0.1", + author="Stepan Oksanichenko", + author_email="soksanichenko@almalinux.org", + description="The python wrapper around binary cas from project Codenotary Community Attestation Service.", + url="https://git.almalinux.org/almalinux/cas_wrapper", + project_urls={ + "Bug Tracker": "https://git.almalinux.org/almalinux/cas_wrapper/issues", + }, + classifiers=[ + "Programming Language :: Python :: 3", + "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)", + "Operating System :: OS Independent", + ], + py_modules=['cas_wrapper'], + scripts=['cas_wrapper.py'], + install_requires=[ + 'plumbum>=1.7.2', + ], + python_requires=">=3.6", +) -- 2.43.5 From 78c68f7a5df3850577af2afe432343c5ec1fddef Mon Sep 17 00:00:00 2001 From: soksanichenko Date: Tue, 21 Jun 2022 13:41:27 +0300 Subject: [PATCH 09/10] ALBS-443: Integrate CodeNotary with git updater tool - setup.py --- setup.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index d5c68cb..d7c772d 100644 --- a/setup.py +++ b/setup.py @@ -5,14 +5,16 @@ setup( version="0.0.1", author="Stepan Oksanichenko", author_email="soksanichenko@almalinux.org", - description="The python wrapper around binary cas from project Codenotary Community Attestation Service.", + description="The python wrapper around binary cas from " + "project Codenotary Community Attestation Service.", url="https://git.almalinux.org/almalinux/cas_wrapper", project_urls={ "Bug Tracker": "https://git.almalinux.org/almalinux/cas_wrapper/issues", }, classifiers=[ "Programming Language :: Python :: 3", - "License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)", + "License :: OSI Approved :: " + "GNU General Public License v3 or later (GPLv3+)", "Operating System :: OS Independent", ], py_modules=['cas_wrapper'], -- 2.43.5 From a2ee1427fae0968a7dc7cb202a7ca2308cfb794f Mon Sep 17 00:00:00 2001 From: soksanichenko Date: Tue, 21 Jun 2022 13:41:48 +0300 Subject: [PATCH 10/10] ALBS-443: Integrate CodeNotary with git updater tool - setup.py --- pyproject.toml | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100644 pyproject.toml diff --git a/pyproject.toml b/pyproject.toml deleted file mode 100644 index d2e099a..0000000 --- a/pyproject.toml +++ /dev/null @@ -1,10 +0,0 @@ -[build-system] -requires = [ - "setuptools>=42", - "wheel" -] -build-backend = "setuptools.build_meta" - -[project] -name = 'cas-wrapper' - -- 2.43.5