From 158adaff6bc9b07709106aa1f841f9f21ea6f1c8 Mon Sep 17 00:00:00 2001 From: James Page Date: Mon, 22 Jul 2024 11:14:45 +0100 Subject: [PATCH] Add support for Private PPA When configuring overlay PPA's, add more general support for providing a source line and associated PGP key for verification of signing. This is useful for testing embargoed CVE's where the proposed packages are not publically visible. --- unit_tests/utilities/test_deployment_env.py | 26 ++++++++++++++++++-- zaza/utilities/deployment_env.py | 27 ++++++++++++++++++--- 2 files changed, 48 insertions(+), 5 deletions(-) diff --git a/unit_tests/utilities/test_deployment_env.py b/unit_tests/utilities/test_deployment_env.py index 05afb4b2..bfb310c3 100644 --- a/unit_tests/utilities/test_deployment_env.py +++ b/unit_tests/utilities/test_deployment_env.py @@ -72,6 +72,24 @@ def test_get_overlay_ppas(self): get_options_mock.return_value = ro_types.resolve_immutable(config) self.assertEqual(deployment_env.get_overlay_ppas(), None) + config = collections.OrderedDict( + { + 'overlay_ppas': [ + { + 'source': "foo", + 'key': "bar", + } + ] + } + ) + get_options_mock.return_value = ro_types.resolve_immutable(config) + self.assertEqual( + deployment_env.get_overlay_ppas(), + ro_types.ReadOnlyList([ + {'source': 'foo', 'key': 'bar'} + ]) + ) + def test_get_cloudinit_userdata(self): with mock.patch.object(deployment_env, 'get_overlay_ppas', return_value=None): @@ -92,7 +110,10 @@ def test_get_cloudinit_userdata(self): deployment_env.get_cloudinit_userdata(), cloudinit_userdata) with mock.patch.object(deployment_env, 'get_overlay_ppas', - return_value=['ppa:ppa0', 'ppa:ppa1']): + return_value=[ + 'ppa:ppa0', + {'source': 'foo', 'key': 'bar'}, + ]): preferences_file = "/etc/apt/preferences.d/proposed-updates" cloud_config = { 'apt': { @@ -101,7 +122,8 @@ def test_get_cloudinit_userdata(self): 'source': 'ppa:ppa0' }, 'overlay-ppa-1': { - 'source': 'ppa:ppa1' + 'source': 'foo', + 'key': 'bar', } } }, diff --git a/zaza/utilities/deployment_env.py b/zaza/utilities/deployment_env.py index 7cc065cc..1631627d 100644 --- a/zaza/utilities/deployment_env.py +++ b/zaza/utilities/deployment_env.py @@ -105,6 +105,18 @@ def get_overlay_ppas(model_alias='default_alias'): overlay_ppas: - ppa:ubuntu-security-proposed/ppa + alternatively more complex sources can also be used (for + example when accessing a Private PPA): + + tests_options: + model_alias: + overlay_ppas: + - source: "deb https://user:pass@private-ppa.launchpad" + key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + .... + -----END PGP PUBLIC KEY BLOCK----- + :param model: Name of model alias :type bundle: str :returns: List of overlay PPAs @@ -145,9 +157,18 @@ def get_cloudinit_userdata(model_alias='default_alias'): overlay_ppas = get_overlay_ppas(model_alias) if overlay_ppas: for index, overlay_ppa in enumerate(overlay_ppas): - cloud_config['apt']['sources']["overlay-ppa-{}".format(index)] = { - 'source': overlay_ppa - } + try: + # NOTE: support private PPAs with source and key keys. + cloud_config['apt']['sources']["overlay-ppa-{}".format(index)] = { # noqa + 'source': overlay_ppa['source'], + 'key': overlay_ppa['key'], + } + except (KeyError, TypeError): + # NOTE: simple ppa:xxx/yyy format for backwards compatibility + cloud_config['apt']['sources']["overlay-ppa-{}".format(index)] = { # noqa + 'source': overlay_ppa + } + cloudinit_userdata = "#cloud-config\n{}".format( yaml.safe_dump(cloud_config)) return cloudinit_userdata