Changed passed indentity to list of identities matching references

release-engineering · Jun 26, 2024 · dff5df7 · dff5df7
1 parent 2180ae8
commit dff5df7
Show file tree

Hide file tree

Showing 5 changed files with 100 additions and 27 deletions.
diff --git a/requirements.txt b/requirements.txt
@@ -13,4 +13,5 @@ pubtools-iib
 kerberos
 marshmallow
 urllib3<2
-pubtools-sign>0.0.7
+pubtools-sign>0.0.6
+docker
diff --git a/src/pubtools/_quay/signer_wrapper.py b/src/pubtools/_quay/signer_wrapper.py
@@ -106,12 +106,12 @@ def _store_signed(self, signatures: Dict[str, Any]) -> None:
         self._run_store_signed(signatures)
 
     def sign_container_opt_args(
-        self, sign_entry: SignEntry, task_id: Optional[str] = None
+        self, sign_entry: List[SignEntry], task_id: Optional[str] = None
     ) -> Dict[str, Any]:
         """Return optional arguments for signing a container.
 
         Args:
-            sign_entry (SignEntry): SignEntry to sign.
+            sign_entries (List[SignEntry]): List of SignEntry.
             task_id (str): Task ID to identify the signing task if needed.
 
         Returns:
@@ -140,7 +140,7 @@ def _sign_containers(
         if not sign_entries:
             return
         sign_entry = sign_entries[0]
-        opt_args = self.sign_container_opt_args(sign_entry, task_id)
+        opt_args = self.sign_container_opt_args(sign_entries, task_id)
         signed = self.entry_point(
             config_file=self.config_file,
             signing_key=sign_entry.signing_key,
@@ -225,12 +225,12 @@ def _filter_to_sign(self, to_sign_entries: List[SignEntry]) -> List[SignEntry]:
         return ret
 
     def sign_container_opt_args(
-        self, sign_entry: SignEntry, task_id: Optional[str] = None
+        self, sign_entries: List[SignEntry], task_id: Optional[str] = None
     ) -> Dict[str, Any]:
         """Return optional arguments for signing a container.
 
         Args:
-            sign_entry (SignEntry): SignEntry to sign.
+            sign_entries (List[SignEntry]): List of SignEntry.
             task_id (str): Task ID to identify the signing task if needed.
 
         Returns:
@@ -529,18 +529,18 @@ class CosignSignerWrapper(SignerWrapper):
     #     return rets
 
     def sign_container_opt_args(
-        self, sign_entry: SignEntry, task_id: Optional[str] = None
+        self, sign_entries: List[SignEntry], task_id: Optional[str] = None
     ) -> Dict[str, Any]:
         """Return optional arguments for signing a container.
 
         Args:
-            sign_entry (SignEntry): SignEntry to sign.
+            sign_entries (List[SignEntry]): List of SignEntry.
             task_id (str): Task ID to identify the signing task if needed.
 
         Returns:
             dict: Optional arguments for signing a container.
         """
-        return {"identity": sign_entry.pub_reference}
+        return {"identity": [sign_entry.pub_reference for sign_entry in sign_entries]}
 
     def _filter_to_remove(
         self,

diff --git a/src/pubtools/_quay/tag_docker.py b/src/pubtools/_quay/tag_docker.py
@@ -754,11 +754,11 @@ def merge_manifest_lists_sign_images(
         else:
             ml_to_sign = json.dumps(new_manifest_list)
             self.quay_client.upload_manifest(new_manifest_list, dest_image)
-        print(ml_to_sign)
 
         if push_item.claims_signing_key:
             # for cosign sign also manifest list
-            pub_reference = "https://" + registry + "/" + list(push_item.repos.keys())[0]
+            pub_registry = dest_registries[0]
+            pub_reference = pub_registry + "/" + list(push_item.repos.keys())[0]
             to_sign_entries_internal.append(
                 SignEntry(
                     repo=list(push_item.repos.keys())[0],

diff --git a/tests/test_iib_operations.py b/tests/test_iib_operations.py
@@ -359,7 +359,12 @@ def test_task_iib_add_bundles(
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                 ],
-                identity="some-registry1.com/operators/index-image",
+                identity=[
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                ],
             ),
         ]
     )
@@ -474,7 +479,12 @@ def test_task_iib_add_bundles_missing_manifest_list(
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                 ],
-                identity="some-registry1.com/operators/index-image",
+                identity=[
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                ],
             ),
         ]
     )
@@ -639,7 +649,12 @@ def test_task_iib_add_bundles_operator_ns(
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                 ],
-                identity="some-registry1.com/operators/index-image",
+                identity=[
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                ],
             ),
         ]
     )
@@ -1157,7 +1172,12 @@ def test_task_iib_build_from_scratch(
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                 ],
-                identity="some-registry1.com/operators/index-image",
+                identity=[
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                ],
             ),
         ]
     )
@@ -1411,7 +1431,12 @@ def test_task_iib_build_from_scratch_missing_manifest_list(
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                 ],
-                identity="some-registry1.com/operators/index-image",
+                identity=[
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                ],
             ),
         ]
     )
@@ -1565,7 +1590,12 @@ def test_task_iib_build_from_scratch_operator_ns(
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                     "sha256:bd6eba96070efe86b64b9a212680ca6d46a2e30f0a7d8e539f657eabc45c35a6",
                 ],
-                identity="some-registry1.com/operators/index-image",
+                identity=[
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                ],
             ),
         ]
     )

diff --git a/tests/test_integration.py b/tests/test_integration.py
@@ -330,7 +330,13 @@ def test_push_docker_multiarch_merge_ml_operator(
                         "sha256:3333333333",
                         "sha256:5555555555",
                     ],
-                    identity="some-registry1.com/target/repo",
+                    identity=[
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                    ],
                 ),
                 mock.call(
                     config_file="test-config.yml",
@@ -381,7 +387,12 @@ def test_push_docker_multiarch_merge_ml_operator(
                         "sha256:5555555555",
                         "sha256:5555555555",
                     ],
-                    identity="some-registry1.com/operators/index-image",
+                    identity=[
+                        "some-registry1.com/operators/index-image",
+                        "some-registry1.com/operators/index-image",
+                        "some-registry1.com/operators/index-image",
+                        "some-registry1.com/operators/index-image",
+                    ],
                 ),
                 mock.call(
                     config_file="test-config.yml",
@@ -398,7 +409,12 @@ def test_push_docker_multiarch_merge_ml_operator(
                         "sha256:5555555555",
                         "sha256:5555555555",
                     ],
-                    identity="some-registry1.com/operators/index-image",
+                    identity=[
+                        "some-registry1.com/operators/index-image",
+                        "some-registry1.com/operators/index-image",
+                        "some-registry1.com/operators/index-image",
+                        "some-registry1.com/operators/index-image",
+                    ],
                 ),
             ]
         )
@@ -533,7 +549,13 @@ def test_push_docker_multiarch_simple_workflow(
                         "sha256:3333333333",
                         "sha256:5555555555",
                     ],
-                    identity="some-registry1.com/target/repo",
+                    identity=[
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                    ],
                 ),
             ]
         )
@@ -667,7 +689,7 @@ def mock_fetch_missing_push_items_digests_sf(push_items):
                     signing_key="fake-sign-key",
                     reference=["quay.io/some-namespace/target----repo:latest-test-tag"],
                     digest=["fake-digest-0"],
-                    identity="some-registry1.com/target/repo",
+                    identity=["some-registry1.com/target/repo"],
                 ),
             ]
         )
@@ -861,7 +883,11 @@ def test_tag_docker_multiarch_merge_ml(
                         "sha256:5555555555",
                         "sha256:71e75d5344d529631eaf40a8f9522edb7a66620d73eda6aff667572d511c6519",
                     ],
-                    identity="some-registry1.com/namespace/test_repo",
+                    identity=[
+                        "some-registry1.com/namespace/test_repo",
+                        "some-registry1.com/namespace/test_repo",
+                        "some-registry1.com/namespace/test_repo",
+                    ],
                 ),
             ]
         )
@@ -1069,7 +1095,7 @@ def test_tag_docker_source_copy_untag(
                     digest=[
                         "sha256:6ef06d8c90c863ba4eb4297f1073ba8cb28c1f6570e2206cdaad2084e2a4715d",
                     ],
-                    identity="some-registry1.com/namespace/test_repo",
+                    identity=["some-registry1.com/namespace/test_repo"],
                 ),
             ]
         )
@@ -1360,7 +1386,12 @@ def test_task_iib_add_bundles(
                         "sha256:5555555555",
                         "sha256:5555555555",
                     ],
-                    identity="some-registry1.com/operators/index-image",
+                    identity=[
+                        "some-registry1.com/operators/index-image",
+                        "some-registry1.com/operators/index-image",
+                        "some-registry1.com/operators/index-image",
+                        "some-registry1.com/operators/index-image",
+                    ],
                 ),
             ]
         )
@@ -1477,7 +1508,12 @@ def test_task_iib_remove_operators(
                     "quay.io/some-namespace/operators----index-image:8-timestamp",
                 ],
                 digest=["sha256:a1a1a1", "sha256:a1a1a1", "sha256:5555555555", "sha256:5555555555"],
-                identity="some-registry1.com/operators/index-image",
+                identity=[
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                    "some-registry1.com/operators/index-image",
+                ],
             ),
         ]
     )
@@ -1889,7 +1925,13 @@ def test_push_docker_operator_verify_bundle_fail(
                         "sha256:3333333333",
                         "sha256:5555555555",
                     ],
-                    identity="some-registry1.com/target/repo",
+                    identity=[
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                        "some-registry1.com/target/repo",
+                    ],
                 ),
             ]
         )