Merge lp:~hopem/charm-helpers/lp1518975 into lp:charm-helpers

Proposed by Edward Hope-Morley
Status: Superseded
Proposed branch: lp:~hopem/charm-helpers/lp1518975
Merge into: lp:charm-helpers
Diff against target: 175 lines (+84/-21)
2 files modified
charmhelpers/contrib/openstack/utils.py (+45/-13)
tests/contrib/openstack/test_openstack_utils.py (+39/-8)
To merge this branch: bzr merge lp:~hopem/charm-helpers/lp1518975
Reviewer Review Type Date Requested Status
James Page Needs Fixing
Review via email: mp+285734@code.launchpad.net

This proposal has been superseded by a proposal from 2016-02-11.

To post a comment you must log in.
Revision history for this message
James Page (james-page) :
review: Needs Fixing
lp:~hopem/charm-helpers/lp1518975 updated
530. By Edward Hope-Morley

import_pgp_key() > import_key()

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'charmhelpers/contrib/openstack/utils.py'
2--- charmhelpers/contrib/openstack/utils.py 2016-01-13 21:13:51 +0000
3+++ charmhelpers/contrib/openstack/utils.py 2016-02-11 15:34:16 +0000
4@@ -25,6 +25,7 @@
5 import re
6
7 import six
8+import tempfile
9 import traceback
10 import uuid
11 import yaml
12@@ -41,6 +42,7 @@
13 config,
14 log as juju_log,
15 charm_dir,
16+ DEBUG,
17 INFO,
18 related_units,
19 relation_ids,
20@@ -347,12 +349,42 @@
21
22
23 def import_key(keyid):
24- cmd = "apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 " \
25- "--recv-keys %s" % keyid
26- try:
27- subprocess.check_call(cmd.split(' '))
28- except subprocess.CalledProcessError:
29- error_out("Error importing repo key %s" % keyid)
30+ key = keyid.strip()
31+ if (key.startswith('-----BEGIN PGP PUBLIC KEY BLOCK-----') and
32+ key.endswith('-----END PGP PUBLIC KEY BLOCK-----')):
33+ juju_log("PGP key found (looks like ASCII Armor format)", level=DEBUG)
34+ juju_log("Importing ASCII Armor PGP key", level=DEBUG)
35+ with tempfile.NamedTemporaryFile() as keyfile:
36+ with open(keyfile.name, 'w') as fd:
37+ fd.write(key)
38+ fd.write("\n")
39+
40+ cmd = ['apt-key', 'add', keyfile.name]
41+ try:
42+ subprocess.check_call(cmd)
43+ except subprocess.CalledProcessError:
44+ error_out("Error importing PGP key '%s'" % key)
45+ else:
46+ juju_log("PGP key found (looks like Radix64 format)", level=DEBUG)
47+ juju_log("Importing PGP key from keyserver", level=DEBUG)
48+ cmd = ['apt-key', 'adv', '--keyserver',
49+ 'hkp://keyserver.ubuntu.com:80', '--recv-keys', key]
50+ try:
51+ subprocess.check_call(cmd)
52+ except subprocess.CalledProcessError:
53+ error_out("Error importing PGP key '%s'" % key)
54+
55+
56+def get_source_and_pgp_key(input):
57+ """Look for a pgp key ID or ascii-armor key in the given input."""
58+ index = input.strip()
59+ index = input.rfind('|')
60+ if index < 0:
61+ return input, None
62+
63+ key = input[index + 1:].strip('|')
64+ source = input[:index]
65+ return source, key
66
67
68 def configure_installation_source(rel):
69@@ -364,16 +396,16 @@
70 with open('/etc/apt/sources.list.d/juju_deb.list', 'w') as f:
71 f.write(DISTRO_PROPOSED % ubuntu_rel)
72 elif rel[:4] == "ppa:":
73- src = rel
74+ src, key = get_source_and_pgp_key(rel)
75+ if key:
76+ import_key(key)
77+
78 subprocess.check_call(["add-apt-repository", "-y", src])
79 elif rel[:3] == "deb":
80- l = len(rel.split('|'))
81- if l == 2:
82- src, key = rel.split('|')
83- juju_log("Importing PPA key from keyserver for %s" % src)
84+ src, key = get_source_and_pgp_key(rel)
85+ if key:
86 import_key(key)
87- elif l == 1:
88- src = rel
89+
90 with open('/etc/apt/sources.list.d/juju_deb.list', 'w') as f:
91 f.write(src)
92 elif rel[:6] == 'cloud:':
93
94=== modified file 'tests/contrib/openstack/test_openstack_utils.py'
95--- tests/contrib/openstack/test_openstack_utils.py 2016-01-13 21:13:51 +0000
96+++ tests/contrib/openstack/test_openstack_utils.py 2016-02-11 15:34:16 +0000
97@@ -1,6 +1,7 @@
98 import io
99 import os
100 import subprocess
101+import tempfile
102 import unittest
103 from copy import copy
104 from testtools import TestCase
105@@ -114,6 +115,21 @@
106
107 # Mock python-dnspython resolver used by get_host_ip()
108
109+PGP_KEY_ASCII_ARMOR = """-----BEGIN PGP PUBLIC KEY BLOCK-----
110+Version: SKS 1.1.5
111+Comment: Hostname: keyserver.ubuntu.com
112+
113+mI0EUCEyTAEEAMuUxyfiegCCwn4J/c0nw5PUTSJdn5FqiUTq6iMfij65xf1vl0g/Mxqw0gfg
114+AJIsCDvO9N9dloLAwF6FUBMg5My7WyhRPTAKF505TKJboyX3Pp4J1fU1LV8QFVOp87vUh1Rz
115+B6GU7cSglhnbL85gmbJTllkzkb3h4Yw7W+edjcQ/ABEBAAG0K0xhdW5jaHBhZCBQUEEgZm9y
116+IFVidW50dSBDbG91ZCBBcmNoaXZlIFRlYW2IuAQTAQIAIgUCUCEyTAIbAwYLCQgHAwIGFQgC
117+CQoLBBYCAwECHgECF4AACgkQimhEop9oEE7kJAP/eTBgq3Mhbvo0d8elMOuqZx3nmU7gSyPh
118+ep0zYIRZ5TJWl/7PRtvp0CJA6N6ZywYTQ/4ANHhpibcHZkh8K0AzUvsGXnJRSFoJeqyDbD91
119+EhoO+4ZfHs2HvRBQEDZILMa2OyuB497E5Mmyua3HDEOrG2cVLllsUZzpTFCx8NgeMHk=
120+=jLBm
121+-----END PGP PUBLIC KEY BLOCK-----
122+"""
123+
124
125 class FakeAnswer(object):
126 def __init__(self, ip):
127@@ -490,25 +506,40 @@
128 _e = 'Invalid Cloud Archive release specified: foo-bar'
129 mocked_error.assert_called_with(_e)
130
131- def test_import_apt_key(self):
132+ @patch.object(openstack, 'juju_log', lambda *args, **kwargs: None)
133+ def test_import_apt_key_radix(self):
134 '''Ensure shell out apt-key during key import'''
135 with patch('subprocess.check_call') as _subp:
136 openstack.import_key('foo')
137- cmd = ['apt-key', 'adv', '--keyserver', 'hkp://keyserver.ubuntu.com:80',
138- '--recv-keys', 'foo']
139+ cmd = ['apt-key', 'adv', '--keyserver',
140+ 'hkp://keyserver.ubuntu.com:80', '--recv-keys', 'foo']
141 _subp.assert_called_with(cmd)
142
143+ @patch.object(openstack, 'juju_log', lambda *args, **kwargs: None)
144+ def test_import_apt_key_ascii_armor(self):
145+ with tempfile.NamedTemporaryFile() as tmp:
146+ with patch.object(openstack, 'tempfile') as \
147+ mock_tmpfile:
148+ tmpfile = mock_tmpfile.NamedTemporaryFile.return_value
149+ tmpfile.__enter__.return_value = tmpfile
150+ tmpfile.name = tmp.name
151+ with patch('subprocess.check_call') as _subp:
152+ openstack.import_key(PGP_KEY_ASCII_ARMOR)
153+ cmd = ['apt-key', 'add', tmp.name]
154+ _subp.assert_called_with(cmd)
155+
156+ @patch.object(openstack, 'juju_log', lambda *args, **kwargs: None)
157 @patch('charmhelpers.contrib.openstack.utils.error_out')
158 def test_import_bad_apt_key(self, mocked_error):
159 '''Ensure error when importing apt key fails'''
160 with patch('subprocess.check_call') as _subp:
161- cmd = ['apt-key', 'adv', '--keyserver', 'hkp://keyserver.ubuntu.com:80',
162- '--recv-keys', 'foo']
163+ cmd = ['apt-key', 'adv', '--keyserver',
164+ 'hkp://keyserver.ubuntu.com:80', '--recv-keys', 'foo']
165 _subp.side_effect = subprocess.CalledProcessError(1, cmd, '')
166 openstack.import_key('foo')
167- cmd = ['apt-key', 'adv', '--keyserver', 'hkp://keyserver.ubuntu.com:80',
168- '--recv-keys', 'foo']
169- mocked_error.assert_called_with('Error importing repo key foo')
170+ cmd = ['apt-key', 'adv', '--keyserver',
171+ 'hkp://keyserver.ubuntu.com:80', '--recv-keys', 'foo']
172+ mocked_error.assert_called_with("Error importing PGP key 'foo'")
173
174 @patch('os.mkdir')
175 @patch('os.path.exists')

Subscribers

People subscribed via source and target branches