Add tests

Author: DomAyre

src/confcom/azext_confcom/lib/cose.py

@@ -61,6 +61,6 @@ def cose_get_properties(file_path: Path):
     cose_print_output = cose_print(file_path)
     return {
         "iss": re.search(r"^iss:\s*(.*)$", cose_print_output, re.MULTILINE).group(1),
-        "feed": re.search(r"^feed:\s*(.*)$", cose_print_output, re.MULTILINE).group(1),
+        "feed": re.search(r"^feed:[ \t]*([^\r\n]*)", cose_print_output, re.MULTILINE).group(1),
         "payload": re.search(r"^payload:\s*(.*)", cose_print_output, re.MULTILINE | re.DOTALL).group(1),
     }

src/confcom/azext_confcom/lib/fragment_references_from_image.py

@@ -3,6 +3,7 @@
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
 
+import re
 import tempfile
 
 from pathlib import Path
@@ -17,12 +18,13 @@ def fragment_references_from_image(image: str, minimum_svn: Optional[str]):
 
     for signed_fragment in get_fragments_from_image(image):
 
-        package_name = signed_fragment.name.split(".")[0]
         cose_properties = cose_get_properties(signed_fragment)
 
         with tempfile.NamedTemporaryFile("w+b") as payload:
             payload.write(cose_properties["payload"].encode("utf-8"))
             payload.flush()
+
+            package_name = re.search(r"^package\s*(.*)$", cose_properties["payload"], re.MULTILINE).group(1)
             fragment_properties = opa_eval(
                 Path(payload.name),
                 f"data.{package_name}",

src/confcom/azext_confcom/tests/conftest.py

@@ -5,16 +5,21 @@
 
 import fcntl
 import importlib
+import json
 import os
 import subprocess
 import tempfile
 import psutil
 import pytest
 import sys
 import shutil
+import zipfile
 
 from pathlib import Path
-import zipfile
+
+
+CONFCOM_DIR = Path(__file__).parent.parent.parent
+SAMPLES_DIR = CONFCOM_DIR / "samples"
 
 
 # This fixture ensures tests are run against final built wheels of the extension
@@ -89,3 +94,55 @@ def run_on_wheel(request):
             importlib.import_module(module.__name__)
 
     yield
+
+
+@pytest.fixture()
+def docker_image():
+
+    registry_id = subprocess.run(
+        ["docker", "run", "-d", "-p", "0:5000", "registry:2"],
+        stdout=subprocess.PIPE,
+        text=True,
+    ).stdout
+
+    registry_port = subprocess.run(
+        ["docker", "port", registry_id],
+        stdout=subprocess.PIPE,
+        text=True,
+    ).stdout.split(":")[-1].strip()
+
+    test_container_ref = f"localhost:{registry_port}/hello-world:latest"
+    subprocess.run(["docker", "pull", "hello-world"])
+    subprocess.run(["docker", "tag", "hello-world", test_container_ref])
+    subprocess.run(["docker", "push", test_container_ref])
+
+    with tempfile.NamedTemporaryFile(mode="w+", encoding="utf-8", delete=True) as temp_file:
+        json.dump({
+            "version": "1.0.0",
+            "containers": [
+                {
+                    "name": "hello-world",
+                    "properties": {
+                        "image": test_container_ref,
+                    },
+                }
+            ]
+        }, temp_file)
+        temp_file.flush()
+
+        yield test_container_ref, temp_file.name
+
+    subprocess.run(["docker", "stop", registry_id])
+
+
+@pytest.fixture(scope="session")
+def cert_chain():
+    with tempfile.TemporaryDirectory() as temp_dir:
+        subprocess.run(
+            [
+                (SAMPLES_DIR / "certs" / "create_certchain.sh").as_posix(),
+                temp_dir
+            ],
+            check=True,
+        )
+        yield temp_dir

src/confcom/azext_confcom/tests/latest/test_confcom_acifragmentgen.py

@@ -3,71 +3,14 @@
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
 
-import contextlib
 import io
 import json
 import os
 import subprocess
 import tempfile
-import pytest
 
 from azext_confcom.custom import acifragmentgen_confcom, fragment_push, fragment_attach
 
-TEST_DIR = os.path.abspath(os.path.join(os.path.abspath(__file__), ".."))
-SAMPLES_DIR = os.path.abspath(os.path.join(TEST_DIR, "..", "..", "..", "samples"))
-
-
-@pytest.fixture()
-def docker_image():
-
-    registry_id = subprocess.run(
-        ["docker", "run", "-d", "-p", "0:5000", "registry:2"],
-        stdout=subprocess.PIPE,
-        text=True,
-    ).stdout
-
-    registry_port = subprocess.run(
-        ["docker", "port", registry_id],
-        stdout=subprocess.PIPE,
-        text=True,
-    ).stdout.split(":")[-1].strip()
-
-    test_container_ref = f"localhost:{registry_port}/hello-world:latest"
-    subprocess.run(["docker", "pull", "hello-world"])
-    subprocess.run(["docker", "tag", "hello-world", test_container_ref])
-    subprocess.run(["docker", "push", test_container_ref])
-
-    with tempfile.NamedTemporaryFile(mode="w+", encoding="utf-8", delete=True) as temp_file:
-        json.dump({
-            "version": "1.0.0",
-            "containers": [
-                {
-                    "name": "hello-world",
-                    "properties": {
-                        "image": test_container_ref,
-                    },
-                }
-            ]
-        }, temp_file)
-        temp_file.flush()
-
-        yield test_container_ref, temp_file.name
-
-    subprocess.run(["docker", "stop", registry_id])
-
-
-@pytest.fixture(scope="session")
-def cert_chain():
-    with tempfile.TemporaryDirectory() as temp_dir:
-        subprocess.run(
-            [
-                os.path.join(SAMPLES_DIR, "certs", "create_certchain.sh"),
-                temp_dir
-            ],
-            check=True,
-        )
-        yield temp_dir
-
 
 def test_acifragmentgen_fragment_gen(docker_image):
 

src/confcom/azext_confcom/tests/latest/test_confcom_fragment_reference_from_image.py

@@ -0,0 +1,58 @@
+# --------------------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License. See License.txt in the project root for license information.
+# --------------------------------------------------------------------------------------------
+
+import json
+import subprocess
+
+from contextlib import redirect_stdout
+from io import StringIO
+from pathlib import Path
+
+from azext_confcom.command.fragment_references_from_image import fragment_references_from_image
+
+
+CONFCOM_DIR = Path(__file__).parent.parent.parent.parent
+SAMPLES_DIR = CONFCOM_DIR / "samples"
+
+
+def test_fragment_reference_from_image(docker_image):
+
+    image_ref, spec_file_path = docker_image
+    signed_fragment_path = SAMPLES_DIR / "fragments" / "fragment.rego.cose"
+
+    # Attach a signed fragment to the image
+    subprocess.run(
+        [
+            "oras",
+            "attach",
+            "--artifact-type",
+            "application/x-ms-ccepolicy-frag",
+            image_ref,
+            signed_fragment_path.name,
+        ],
+        check=True,
+        timeout=120,
+        cwd=signed_fragment_path.parent.as_posix(),
+    )
+
+    # Generate the fragment reference
+    buffer = StringIO()
+    with redirect_stdout(buffer):
+        fragment_references_from_image(
+            image=image_ref,
+            minimum_svn=None,
+        )
+
+    fragment_references = json.loads(buffer.getvalue())
+
+    # Check the reference looks as expected
+    assert fragment_references == [
+        {
+            'feed': '',
+            'includes': ['containers'],
+            'issuer': 'did:x509:0:sha256:q2YUkwrO2Ufcq66-CXKS9CA-XZMqFMbFom99GjaR2eI::subject:CN:Contoso',
+            'minimum_svn': '1'
+        }
+    ]