Brain dump of a rough outline of the step to upload signatures via curl.
"""StepImplementer for the upload-container-image step using curl.

TODO: doc me

Mandatory Inputs:

1.
# full path to the signature file,
# including the temporary directory where the signature is located
'container-image-signature-file-path'

2.
# fully qualified name of the signature, something like
# jkeam/hello-node@sha256=2cbdb73c9177e63e85d267f738e99e368db3f806eab4c541f5c6b719e69f1a2b/signature-1
'container-image-signature-file-name'

3.
# signature server url
'sigserver-url'

4.
# signature server username
'sigserver-username'

5.
# signature server password
'sigserver-password'
"""
from io import StringIO | |
import sys | |
import sh | |
from tssc import StepImplementer | |
from tssc.utils.io import create_sh_redirect_to_multiple_streams_fn_callback | |
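# Lowest-precedence configuration values for this step; none are defined.
DEFAULT_CONFIG = {
}

# Configuration keys that must be present before the step runs.
# Each entry needs its own comma: Python joins adjacent string literals, so a
# missing comma silently merges several keys into one bogus key and the real
# keys (including the signature server settings) are never validated.
REQUIRED_CONFIG_KEYS = [
    'container-image-signature-file-path',
    'container-image-signature-file-name',
    'sigserver-url',
    'sigserver-username',
    'sigserver-password'
]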
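class CurlUploadSignature(StepImplementer):
    """StepImplementer that uploads a container image signature file using curl.

    The signature file is sent to the signature server with HTTP basic
    authentication.

    Notes
    -----
    The credentials are handed to curl through a config read from stdin, not
    through ``--user`` on the command line. Command-line arguments are visible
    to other local users in the process list, and the text of
    ``sh.ErrorReturnCode`` includes the command that was run, so a password in
    the arguments would also end up in the raised error and in any log that
    records it.

    NOTE(review): basic-auth credentials are only protected in transit when
    'sigserver-url' is an https:// URL - nothing here enforces the scheme.
    """

    @staticmethod
    def step_implementer_config_defaults():
        """
        Getter for the StepImplementer's configuration defaults.

        Notes
        -----
        These are the lowest precedence configuration values.

        Returns
        -------
        dict
            Default values to use for step configuration values.
        """
        return DEFAULT_CONFIG

    @staticmethod
    def required_runtime_step_config_keys():
        """
        Getter for step configuration keys that are required before running the step.

        See Also
        --------
        _validate_runtime_step_config

        Returns
        -------
        array_list
            Array of configuration keys that are required before running the step.
        """
        return REQUIRED_CONFIG_KEYS

    def _run_step(self):
        """
        Read the step configuration and upload the signature file.

        Returns
        -------
        dict
            The uploaded signature name under the key
            'container-image-signature-file-name'.

        Raises
        ------
        RuntimeError
            If curl exits with an error while uploading the signature.
        """
        container_image_signature_file_path = self.get_config_value(
            'container-image-signature-file-path'
        )
        container_image_signature_file_name = self.get_config_value(
            'container-image-signature-file-name'
        )
        # The keys are hyphenated, matching REQUIRED_CONFIG_KEYS. Looking them up
        # with underscores would read different keys than the ones that were
        # validated as required.
        sigserver_url = self.get_config_value('sigserver-url')
        sigserver_username = self.get_config_value('sigserver-username')
        sigserver_password = self.get_config_value('sigserver-password')

        CurlUploadSignature.__curl_file(
            container_image_signature_file_path=container_image_signature_file_path,
            container_image_signature_file_name=container_image_signature_file_name,
            sigserver_url=sigserver_url,
            sigserver_username=sigserver_username,
            sigserver_password=sigserver_password
        )

        return {
            'container-image-signature-file-name': container_image_signature_file_name
        }

    @staticmethod
    def __curl_config_quote(value):
        """
        Quote a value for use as a double-quoted parameter in a curl config file.

        Parameters
        ----------
        value
            Value to quote; it is converted with ``str`` first.

        Returns
        -------
        str
            The value wrapped in double quotes, with backslashes, double quotes
            and the control characters curl recognises written as escapes.
        """
        # Backslash must be escaped first so the escapes added afterwards are
        # not themselves doubled.
        escaped = (
            str(value)
            .replace('\\', '\\\\')
            .replace('"', '\\"')
            .replace('\t', '\\t')
            .replace('\n', '\\n')
            .replace('\r', '\\r')
            .replace('\v', '\\v')
        )
        return f'"{escaped}"'

    @staticmethod
    def __curl_file(
            container_image_signature_file_path,
            container_image_signature_file_name,
            sigserver_url,
            sigserver_username,
            sigserver_password
    ):
        """
        Upload the signature file to the signature server with curl.

        Parameters
        ----------
        container_image_signature_file_path
            Path of the signature file whose bytes are sent as the request body.
        container_image_signature_file_name
            Name of the signature; appended to the server URL as the target path.
        sigserver_url
            Base URL of the signature server.
        sigserver_username
            User name for HTTP basic authentication.
        sigserver_password
            Password for HTTP basic authentication.

        Returns
        -------
        The value passed as container_image_signature_file_name.

        Raises
        ------
        RuntimeError
            If curl exits with a non-zero return code.
        """
        stdout_result = StringIO()
        stdout_callback = create_sh_redirect_to_multiple_streams_fn_callback([
            sys.stdout,
            stdout_result
        ])

        # Credentials travel over stdin as a curl config line, which keeps them
        # out of the argument list and therefore out of the process list and
        # out of the command text carried by sh.ErrorReturnCode.
        credentials = CurlUploadSignature.__curl_config_quote(
            f"{sigserver_username}:{sigserver_password}"
        )
        curl_credentials_config = f"user = {credentials}\n"

        try:
            # -s: Silent
            # -S: Show error
            # -f: Fail on HTTP errors without dumping out the failure document
            # --config -: read further options (the credentials) from stdin
            sh.curl(  # pylint: disable=no-member
                '-sSf',
                '--config', '-',
                '--data-binary', f"@{container_image_signature_file_path}",
                f"{sigserver_url}/{container_image_signature_file_name}",
                _in=curl_credentials_config,
                _out=stdout_callback,
                _err=sys.stderr,
                _tee='err'
            )
        except sh.ErrorReturnCode as error:
            raise RuntimeError(
                f"Unexpected error curling signature file to signature server: {error}"
            ) from error

        return container_image_signature_file_name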