ALBS-1122: Replace notarization interface from CAS to VCN #7

Merged
danfimov merged 3 commits from danfimov/cas_wrapper:albs-1122 into master 2023-06-20 14:43:28 +00:00
Showing only changes of commit 46b61be603 - Show all commits

View File

@ -1,10 +1,10 @@
import json
import logging
import typing
from pathlib import Path
from functools import wraps
from pathlib import Path
from plumbum import local, ProcessExecutionError
from plumbum import ProcessExecutionError, local
def with_env_context(func):
@ -20,6 +20,7 @@ def with_env_context(func):
VCN_LC_PORT=self._vcn_lc_port,
):
return func(self, *args, **kwargs)
return wrapper
@ -32,7 +33,7 @@ class CasWrapper:
def _is_binary_present(self):
if not self._full_binary_path.exists():
raise FileNotFoundError(
f'Binary VCN is not found in {self._binary_path} on the machine',
f"Binary VCN is not found in {self._binary_path} on the machine",
)
def __init__(
@ -50,7 +51,7 @@ class CasWrapper:
self._binary_name = binary_name
self._binary_path = binary_path
self._full_binary_path = Path(self._binary_path, self._binary_name)
self._vcn = local[self._full_binary_path]
self._vcn = local[str(self._full_binary_path)]
self._logger = logger
if self._logger is None:
self._logger = logging.getLogger()
@ -58,13 +59,13 @@ class CasWrapper:
def get_version(self):
danfimov marked this conversation as resolved
Review
This breaks https://github.com/AlmaLinux/alma-sbom/blob/main/libsbom/cyclonedx.py#L30
Review

yes, but we need to make changes in alma-sbom repository anyway, because CasWrapper expect different values for initialization
also maybe there is a point, to left this method as classmethod

yes, but we need to make changes in `alma-sbom` repository anyway, because `CasWrapper` expect different values for initialization also maybe there is a point, to left this method as `classmethod`
Review

Right, we need to update alma-sbom too. And yes, I'd imagine that we might keep this as a classmethod.

Right, we need to update `alma-sbom` too. And yes, I'd imagine that we might keep this as a `classmethod`.
self._is_binary_present()
command = self._vcn['--version']
version = command().split()[-1].split('v')[1]
command = self._vcn["--version"]
version = command().split()[-1].split("v")[1]
return version
@with_env_context
def ensure_login(self):
self._vcn['login']()
self._vcn["login"]()
@with_env_context
def notarize(
@ -80,20 +81,20 @@ class CasWrapper:
:rtype: str
"""
command = self._vcn[
'notarize',
"notarize",
local_path,
'-o',
'json',
"-o",
"json",
]
if metadata is not None:
for key, value in metadata.items():
command = command[
'-a',
f'{key}={value}',
"-a",
f"{key}={value}",
]
result_of_execution = command()
result_of_execution, *_ = json.loads(result_of_execution)
return result_of_execution['hash']
return result_of_execution["hash"]
def notarize_no_exc(
self,
@ -114,9 +115,8 @@ class CasWrapper:
vcn_hash = self.notarize(local_path, metadata=metadata)
success = True
except Exception:
self._logger.exception('Cannot notarize artifact: %s',
local_path)
vcn_hash = ''
self._logger.exception("Cannot notarize artifact: %s", local_path)
vcn_hash = ""
return success, vcn_hash
@with_env_context
@ -138,12 +138,12 @@ class CasWrapper:
or dict with result if return_json param is True
:rtype: bool or dict
"""
command_args = ['authenticate', local_path]
command_args = ["authenticate", local_path]
if use_hash:
command_args = ['authenticate', '--hash', local_path]
command_args = ["authenticate", "--hash", local_path]
if signer_id:
command_args.extend(('--signerID', signer_id))
command_args.extend(('-o', 'json'))
command_args.extend(("--signerID", signer_id))
command_args.extend(("-o", "json"))
command = self._vcn[command_args]
try:
result_of_execution = command()
@ -153,7 +153,7 @@ class CasWrapper:
json_result = json.loads(result_of_execution)
if return_json:
return json_result
return not bool(json_result['status'])
return not bool(json_result["status"])
def authenticate_source(
self,
@ -173,12 +173,12 @@ class CasWrapper:
return_json=True,
signer_id=signer_id,
)
is_authenticated = result_json['verified']
commit_vcn_hash = result_json['hash']
is_authenticated = result_json["verified"]
commit_vcn_hash = result_json["hash"]
# we can fall with ProcessExecutionError,
# because source can be not notarized
except ProcessExecutionError:
self._logger.exception('Cannot authenticate: %s', local_path)
self._logger.exception("Cannot authenticate: %s", local_path)
return is_authenticated, commit_vcn_hash
def authenticate_artifact(
@ -198,12 +198,12 @@ class CasWrapper:
local_path,
use_hash=use_hash,
return_json=True,
signer_id=signer_id
)['verified']
signer_id=signer_id,
)["verified"]
# we can fall with ProcessExecutionError,
# because artifact can be not notarized
except ProcessExecutionError:
self._logger.exception('Cannot authenticate: %s', local_path)
self._logger.exception("Cannot authenticate: %s", local_path)
return is_authenticated
def notarize_artifacts(
@ -229,8 +229,10 @@ class CasWrapper:
try:
vcn_artifact_hash = self.notarize(artifact_path, metadata)
except Exception:
self._logger.exception('Cannot notarize artifact: %s',
artifact_path)
self._logger.exception(
"Cannot notarize artifact: %s",
artifact_path,
)
all_artifacts_is_notarized = False
continue
notarized_artifacts[artifact_path] = vcn_artifact_hash