Add tests for signedby in aptpkg module

2025-04-17 10:10:20 +00:00 · 2022-03-10 12:54:03 -07:00 · 2022-03-10 12:54:03 -07:00 · 409072c431
commit 409072c431
parent 5612a3895a
5 changed files with 214 additions and 1 deletions
--- a/salt/modules/aptpkg.py
+++ b/salt/modules/aptpkg.py
@ -2698,7 +2698,7 @@ def mod_repo(repo, saltenv="base", aptkey=True, **kwargs):
    if "signedby" in kwargs:
        kwargs["signedby"] = pathlib.Path(kwargs["signedby"])
    else:
-        kwargs["signedby"] = pathlib.Path(repo_signedby)
+        kwargs["signedby"] = pathlib.Path(repo_signedby) if repo_signedby else ""

    if "keyid" in kwargs:
        keyid = kwargs.pop("keyid", None)
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -652,6 +652,22 @@ def integration_files_dir(salt_factories):
    return dirname


+@pytest.fixture(scope="module")
+def functional_files_dir(salt_factories):
+    """
+    Fixture which returns the salt functional files directory path.
+    Creates the directory if it does not yet exist.
+    """
+    dirname = salt_factories.root_dir / "functional-files"
+    dirname.mkdir(exist_ok=True)
+    for child in (PYTESTS_DIR / "functional" / "files").iterdir():
+        if child.is_dir():
+            shutil.copytree(str(child), str(dirname / child.name))
+        else:
+            shutil.copyfile(str(child), str(dirname / child.name))
+    return dirname
+
+
@pytest.fixture(scope="session")
 def state_tree_root_dir(integration_files_dir):
    """
--- a/tests/pytests/functional/files/salt-archive-keyring.gpg
+++ b/tests/pytests/functional/files/salt-archive-keyring.gpg
--- a/tests/pytests/functional/modules/test_aptpkg.py
+++ b/tests/pytests/functional/modules/test_aptpkg.py
@ -6,7 +6,10 @@ import pytest
 import salt.exceptions
 import salt.modules.aptpkg as aptpkg
 import salt.modules.cmdmod as cmd
+import salt.modules.config as config
+import salt.modules.cp as cp
 import salt.modules.file as file
+import salt.modules.gpg as gpg
 import salt.utils.files
 import salt.utils.stringutils
 from tests.support.mock import Mock, patch
@ -16,6 +19,28 @@ pytestmark = [
 ]


+class Key:
+    def __init__(self, aptkey=True):
+        self.aptkey = aptkey
+        self.keyname = "salt-archive-keyring.gpg"
+
+    def add_key(self):
+        aptpkg.add_repo_key("salt://{}".format(self.keyname), aptkey=self.aptkey)
+
+    def del_key(self):
+        aptpkg.del_repo_key(keyid="0E08A149DE57BFBE", aptkey=self.aptkey)
+
+
+@pytest.fixture
+def get_key_file(state_tree, functional_files_dir):
+    """
+    Create the key file used for the repo
+    """
+    key = Key()
+    shutil.copy(functional_files_dir / key.keyname, state_tree)
+    yield key.keyname
+
+
@pytest.fixture
 def configure_loader_modules(minion_opts):
    return {
@ -26,6 +51,8 @@ def configure_loader_modules(minion_opts):
                "file.replace": file.replace,
                "file.append": file.append,
                "file.grep": file.grep,
+                "cp.cache_file": cp.cache_file,
+                "config.get": config.get,
            },
            "__opts__": minion_opts,
        },
@ -37,6 +64,13 @@ def configure_loader_modules(minion_opts):
            },
            "__opts__": minion_opts,
        },
+        gpg: {},
+        cp: {
+            "__opts__": minion_opts,
+        },
+        config: {
+            "__opts__": minion_opts,
+        },
    }


@ -226,3 +260,49 @@ def test_mod_repo_no_file(tmp_path, revert_repo_file):
    assert test_repo.split()[1] in ret.strip()
    for comp in comps:
        assert comp in ret
+
+
+@pytest.fixture()
+def add_key(request, get_key_file):
+    """ """
+    key = Key(request.param)
+    key.add_key()
+    yield request.param
+    key.del_key()
+
+
+@pytest.mark.parametrize("add_key", [False, True], indirect=True)
+@pytest.mark.destructive_test
+def test_get_repo_keys(add_key):
+    """
+    Test aptpkg.get_repo_keys when aptkey is False and True
+    """
+    ret = aptpkg.get_repo_keys(aptkey=add_key)
+    assert (
+        ret["0E08A149DE57BFBE"]["uid"]
+        == "SaltStack Packaging Team <packaging@saltstack.com>"
+    )
+
+
+@pytest.mark.parametrize("aptkey", [False, True])
+def test_add_del_repo_key(get_key_file, aptkey):
+    """
+    Test both add_repo_key and del_repo_key when
+    aptkey is both False and True
+    """
+    try:
+        assert aptpkg.add_repo_key("salt://{}".format(get_key_file), aptkey=aptkey)
+        keyfile = pathlib.Path("/usr", "share", "keyrings", get_key_file)
+        if not aptkey:
+            assert keyfile.is_file()
+        query_key = aptpkg.get_repo_keys(aptkey=aptkey)
+        assert (
+            query_key["0E08A149DE57BFBE"]["uid"]
+            == "SaltStack Packaging Team <packaging@saltstack.com>"
+        )
+    finally:
+        aptpkg.del_repo_key(keyid="0E08A149DE57BFBE", aptkey=aptkey)
+        if not aptkey:
+            assert not keyfile.is_file()
+        query_key = aptpkg.get_repo_keys(aptkey=aptkey)
+        assert "0E08A149DE57BFBE" not in query_key
--- a/tests/pytests/functional/states/test_pkgrepo.py
+++ b/tests/pytests/functional/states/test_pkgrepo.py
@ -0,0 +1,117 @@
+import pathlib
+import platform
+
+import pytest
+import salt.utils.files
+
+
+@pytest.mark.skipif(
+    not any([x for x in ["ubuntu", "debian"] if x in platform.platform()]),
+    reason="Test only for debian based platforms",
+)
+def test_adding_repo_file(states, tmp_path):
+    """
+    test adding a repo file using pkgrepo.managed
+    """
+    repo_file = str(tmp_path / "stable-binary.list")
+    repo_content = "deb http://www.deb-multimedia.org stable main"
+    ret = states.pkgrepo.managed(name=repo_content, file=repo_file, clean_file=True)
+    with salt.utils.files.fopen(repo_file, "r") as fp:
+        file_content = fp.read()
+    assert file_content.strip() == repo_content
+
+
+@pytest.mark.skipif(
+    not any([x for x in ["ubuntu", "debian"] if x in platform.platform()]),
+    reason="Test only for debian based platforms",
+)
+def test_adding_repo_file_arch(states, tmp_path):
+    """
+    test adding a repo file using pkgrepo.managed
+    and setting architecture
+    """
+    repo_file = str(tmp_path / "stable-binary.list")
+    repo_content = "deb [arch=amd64  ] http://www.deb-multimedia.org stable main"
+    ret = states.pkgrepo.managed(name=repo_content, file=repo_file, clean_file=True)
+    with salt.utils.files.fopen(repo_file, "r") as fp:
+        file_content = fp.read()
+        assert (
+            file_content.strip()
+            == "deb [arch=amd64] http://www.deb-multimedia.org stable main"
+        )
+
+
+@pytest.fixture
+def key_path():
+    key_file = pathlib.Path("/usr", "share", "keyrings", "salt-archive-keyring.gpg")
+    assert not key_file.is_file()
+    yield key_file
+    key_file.unlink()
+
+
+@pytest.mark.skipif(
+    not any([x for x in ["ubuntu", "debian"] if x in platform.platform()]),
+    reason="Test only for debian based platforms",
+)
+def test_adding_repo_file_signedby(grains, states, tmp_path, key_path):
+    """
+    Test adding a repo file using pkgrepo.managed
+    and setting signedby
+    """
+    repo_file = str(tmp_path / "stable-binary.list")
+    fullname = grains["osfullname"].lower()
+    arch = grains["osarch"]
+    lsb_release = grains["lsb_distrib_release"]
+    key_file = "https://repo.saltproject.io/py3/{}/{}/{}/latest/salt-archive-keyring.gpg".format(
+        fullname, lsb_release, arch
+    )
+    repo_content = "deb [arch={arch} signed-by=/usr/share/keyrings/salt-archive-keyring.gpg] https://repo.saltproject.io/py3/{}/{}/{arch}/latest {} main".format(
+        fullname, lsb_release, grains["oscodename"], arch=arch
+    )
+    ret = states.pkgrepo.managed(
+        name=repo_content,
+        file=repo_file,
+        clean_file=True,
+        signedby=str(key_path),
+        key_url=key_file,
+        aptkey=False,
+    )
+    with salt.utils.files.fopen(repo_file, "r") as fp:
+        file_content = fp.read()
+        assert file_content.strip() == repo_content
+    assert key_path.is_file()
+
+
+@pytest.mark.skipif(
+    not any([x for x in ["ubuntu", "debian"] if x in platform.platform()]),
+    reason="Test only for debian based platforms",
+)
+def test_adding_repo_file_signedby_keyserver(grains, states, tmp_path, key_path):
+    """
+    Test adding a repo file using pkgrepo.managed
+    and setting signedby with a keyserver
+    """
+    repo_file = str(tmp_path / "stable-binary.list")
+    fullname = grains["osfullname"].lower()
+    arch = grains["osarch"]
+    lsb_release = grains["lsb_distrib_release"]
+    key_file = "https://repo.saltproject.io/py3/{}/{}/{}/latest/salt-archive-keyring.gpg".format(
+        fullname, lsb_release, arch
+    )
+    repo_content = "deb [arch={arch} signed-by=/usr/share/keyrings/salt-archive-keyring.gpg] https://repo.saltproject.io/py3/{}/{}/{arch}/latest {} main".format(
+        fullname, lsb_release, grains["oscodename"], arch=arch
+    )
+
+    ret = states.pkgrepo.managed(
+        name=repo_content,
+        file=repo_file,
+        clean_file=True,
+        signedby=str(key_path),
+        keyserver="keyserver.ubuntu.com",
+        keyid="0E08A149DE57BFBE",
+        aptkey=False,
+    )
+    with salt.utils.files.fopen(repo_file, "r") as fp:
+        file_content = fp.read()
+        assert file_content.strip() == repo_content
+    assert key_path.is_file()