From 8349408cf85bbfab26454c0452af71b48515d135 Mon Sep 17 00:00:00 2001 From: nghazalibeiklar Date: Thu, 23 Jun 2022 10:42:33 +1000 Subject: [PATCH 1/7] CLIP-1583: Audited url open for permitted schemes and set autoscape to True to mitigate XSS vulnerabilities. --- pipeline_generator/pipeline.py | 1 + .../bitbucket_latest/tests/test_default.py | 21 +++++++++++-------- .../confluence_latest/tests/test_default.py | 21 +++++++++++-------- .../crowd_latest/tests/test_default.py | 21 +++++++++++-------- 4 files changed, 37 insertions(+), 27 deletions(-) diff --git a/pipeline_generator/pipeline.py b/pipeline_generator/pipeline.py index c356a56..4a5c5c2 100644 --- a/pipeline_generator/pipeline.py +++ b/pipeline_generator/pipeline.py @@ -16,6 +16,7 @@ def find_all_scenarios(): def load_template(): jenv = j2.Environment( loader=j2.FileSystemLoader('.'), + autoescape=True, lstrip_blocks=True, trim_blocks=True) return jenv.get_template(PIPELINE_TEMPLATE_J2_FILE) diff --git a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py index bb5b1d8..37b33f9 100644 --- a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py +++ b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py @@ -24,25 +24,28 @@ def test_version_file_is_latest(host): verfile = host.file('/media/atl/bitbucket/shared/bitbucket.version') assert verfile.exists - upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") - upstream_json = json.load(upstream_fd) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] assert verfile.content.decode("UTF-8").strip() == upstream.strip() def test_latest_is_downloaded(host): - upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") - upstream_json = json.load(upstream_fd) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] installer = host.file('/media/atl/downloads/bitbucket.' + upstream + '-x64.bin') assert installer.exists assert installer.user == 'root' def test_completed_lockfile(host): - upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") - upstream_json = json.load(upstream_fd) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] lockfile = host.file('/media/atl/downloads/bitbucket.' + upstream + '-x64.bin_completed') assert lockfile.exists diff --git a/roles/product_install/molecule/confluence_latest/tests/test_default.py b/roles/product_install/molecule/confluence_latest/tests/test_default.py index 1b3ef88..6d59c2a 100644 --- a/roles/product_install/molecule/confluence_latest/tests/test_default.py +++ b/roles/product_install/molecule/confluence_latest/tests/test_default.py @@ -24,25 +24,28 @@ def test_version_file_is_latest(host): verfile = host.file('/media/atl/confluence/shared-home/confluence.version') assert verfile.exists - upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") - upstream_json = json.load(upstream_fd) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] assert verfile.content.decode("UTF-8").strip() == upstream.strip() def test_latest_is_downloaded(host): - upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") - upstream_json = json.load(upstream_fd) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] installer = host.file('/media/atl/downloads/confluence.'+upstream+'-x64.bin') assert installer.exists assert installer.user == 'root' def test_completed_lockfile(host): - upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") - upstream_json = json.load(upstream_fd) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] lockfile = host.file('/media/atl/downloads/confluence.'+upstream+'-x64.bin_completed') assert lockfile.exists diff --git a/roles/product_install/molecule/crowd_latest/tests/test_default.py b/roles/product_install/molecule/crowd_latest/tests/test_default.py index 34ffcbc..36e7215 100644 --- a/roles/product_install/molecule/crowd_latest/tests/test_default.py +++ b/roles/product_install/molecule/crowd_latest/tests/test_default.py @@ -24,25 +24,28 @@ def test_version_file_is_latest(host): verfile = host.file('/media/atl/crowd/shared/crowd.version') assert verfile.exists - upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") - upstream_json = json.load(upstream_fd) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] assert verfile.content.decode("UTF-8").strip() == upstream.strip() def test_latest_is_downloaded(host): - upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") - upstream_json = json.load(upstream_fd) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] installer = host.file('/media/atl/downloads/crowd.' + upstream + '.tar.gz') assert installer.exists assert installer.user == 'root' def test_completed_lockfile(host): - upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") - upstream_json = json.load(upstream_fd) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] lockfile = host.file('/media/atl/downloads/crowd.' + upstream + '.tar.gz_completed') assert lockfile.exists From 6dbc96cd6de83ab3ee45cce49a7cdee6a3ba7052 Mon Sep 17 00:00:00 2001 From: nghazalibeiklar Date: Thu, 23 Jun 2022 16:49:01 +1000 Subject: [PATCH 2/7] refactored the audit section --- .../bitbucket_latest/tests/test_default.py | 23 +++++++++---------- .../confluence_latest/tests/test_default.py | 23 +++++++++---------- .../crowd_latest/tests/test_default.py | 23 +++++++++---------- 3 files changed, 33 insertions(+), 36 deletions(-) diff --git a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py index 37b33f9..7a2dddb 100644 --- a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py +++ b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py @@ -24,29 +24,28 @@ def test_version_file_is_latest(host): verfile = host.file('/media/atl/bitbucket/shared/bitbucket.version') assert verfile.exists - upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") - with urllib.request.urlopen(upstream_req) as upstream_response: - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") assert verfile.content.decode("UTF-8").strip() == upstream.strip() def test_latest_is_downloaded(host): - upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") - with urllib.request.urlopen(upstream_req) as upstream_response: - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") installer = host.file('/media/atl/downloads/bitbucket.' + upstream + '-x64.bin') assert installer.exists assert installer.user == 'root' def test_completed_lockfile(host): - upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") - with urllib.request.urlopen(upstream_req) as upstream_response: - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") lockfile = host.file('/media/atl/downloads/bitbucket.' + upstream + '-x64.bin_completed') assert lockfile.exists assert lockfile.user == 'root' + +def get_version(url): + assert url.lower().startswith('http') + upstream_req = urllib.request.Request(url) + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] + return upstream diff --git a/roles/product_install/molecule/confluence_latest/tests/test_default.py b/roles/product_install/molecule/confluence_latest/tests/test_default.py index 6d59c2a..6509d77 100644 --- a/roles/product_install/molecule/confluence_latest/tests/test_default.py +++ b/roles/product_install/molecule/confluence_latest/tests/test_default.py @@ -24,29 +24,28 @@ def test_version_file_is_latest(host): verfile = host.file('/media/atl/confluence/shared-home/confluence.version') assert verfile.exists - upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") - with urllib.request.urlopen(upstream_req) as upstream_response: - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") assert verfile.content.decode("UTF-8").strip() == upstream.strip() def test_latest_is_downloaded(host): - upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") - with urllib.request.urlopen(upstream_req) as upstream_response: - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") installer = host.file('/media/atl/downloads/confluence.'+upstream+'-x64.bin') assert installer.exists assert installer.user == 'root' def test_completed_lockfile(host): - upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") - with urllib.request.urlopen(upstream_req) as upstream_response: - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") lockfile = host.file('/media/atl/downloads/confluence.'+upstream+'-x64.bin_completed') assert lockfile.exists assert lockfile.user == 'root' + +def get_version(url): + assert url.lower().startswith('http') + upstream_req = urllib.request.Request(url) + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] + return upstream diff --git a/roles/product_install/molecule/crowd_latest/tests/test_default.py b/roles/product_install/molecule/crowd_latest/tests/test_default.py index 36e7215..dfb360e 100644 --- a/roles/product_install/molecule/crowd_latest/tests/test_default.py +++ b/roles/product_install/molecule/crowd_latest/tests/test_default.py @@ -24,29 +24,28 @@ def test_version_file_is_latest(host): verfile = host.file('/media/atl/crowd/shared/crowd.version') assert verfile.exists - upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") - with urllib.request.urlopen(upstream_req) as upstream_response: - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") assert verfile.content.decode("UTF-8").strip() == upstream.strip() def test_latest_is_downloaded(host): - upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") - with urllib.request.urlopen(upstream_req) as upstream_response: - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") installer = host.file('/media/atl/downloads/crowd.' + upstream + '.tar.gz') assert installer.exists assert installer.user == 'root' def test_completed_lockfile(host): - upstream_req = urllib.request.Request("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") - with urllib.request.urlopen(upstream_req) as upstream_response: - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] + upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") lockfile = host.file('/media/atl/downloads/crowd.' + upstream + '.tar.gz_completed') assert lockfile.exists assert lockfile.user == 'root' + +def get_version(url): + assert url.lower().startswith('http') + upstream_req = urllib.request.Request(url) + with urllib.request.urlopen(upstream_req) as upstream_response: + upstream_json = json.load(upstream_response) + upstream = upstream_json['_embedded']['versions'][0]['name'] + return upstream \ No newline at end of file From 0f08266af5bcd887988b2e9d165f5f11e7d5bb21 Mon Sep 17 00:00:00 2001 From: nghazalibeiklar Date: Thu, 23 Jun 2022 17:16:41 +1000 Subject: [PATCH 3/7] added nosec comment --- .../molecule/bitbucket_latest/tests/test_default.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py index 7a2dddb..e602267 100644 --- a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py +++ b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py @@ -45,7 +45,7 @@ def test_completed_lockfile(host): def get_version(url): assert url.lower().startswith('http') upstream_req = urllib.request.Request(url) - with urllib.request.urlopen(upstream_req) as upstream_response: + with urllib.request.urlopen(upstream_req) as upstream_response: #nosec upstream_json = json.load(upstream_response) upstream = upstream_json['_embedded']['versions'][0]['name'] return upstream From 9897544c6114f300475e141acac969ac137ae90b Mon Sep 17 00:00:00 2001 From: nghazalibeiklar Date: Thu, 23 Jun 2022 17:23:58 +1000 Subject: [PATCH 4/7] test --- .../molecule/bitbucket_latest/tests/test_default.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py index e602267..1603a3d 100644 --- a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py +++ b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py @@ -43,8 +43,10 @@ def test_completed_lockfile(host): assert lockfile.user == 'root' def get_version(url): - assert url.lower().startswith('http') - upstream_req = urllib.request.Request(url) + if url.lower().startswith('http'): + upstream_req = urllib.request.Request(url) + else: + raise 2 from None with urllib.request.urlopen(upstream_req) as upstream_response: #nosec upstream_json = json.load(upstream_response) upstream = upstream_json['_embedded']['versions'][0]['name'] From 10d6ba3196f512c041d98571961358b297eacc3a Mon Sep 17 00:00:00 2001 From: nghazalibeiklar Date: Thu, 23 Jun 2022 17:34:49 +1000 Subject: [PATCH 5/7] added raising ValueErrort in case of bad url --- .../molecule/bitbucket_latest/tests/test_default.py | 2 +- .../molecule/confluence_latest/tests/test_default.py | 6 ++++-- .../molecule/crowd_latest/tests/test_default.py | 6 ++++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py index 1603a3d..cffe337 100644 --- a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py +++ b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py @@ -46,7 +46,7 @@ def get_version(url): if url.lower().startswith('http'): upstream_req = urllib.request.Request(url) else: - raise 2 from None + raise ValueError from None with urllib.request.urlopen(upstream_req) as upstream_response: #nosec upstream_json = json.load(upstream_response) upstream = upstream_json['_embedded']['versions'][0]['name'] diff --git a/roles/product_install/molecule/confluence_latest/tests/test_default.py b/roles/product_install/molecule/confluence_latest/tests/test_default.py index 6509d77..bf2462d 100644 --- a/roles/product_install/molecule/confluence_latest/tests/test_default.py +++ b/roles/product_install/molecule/confluence_latest/tests/test_default.py @@ -43,8 +43,10 @@ def test_completed_lockfile(host): assert lockfile.user == 'root' def get_version(url): - assert url.lower().startswith('http') - upstream_req = urllib.request.Request(url) + if url.lower().startswith('http'): + upstream_req = urllib.request.Request(url) + else: + raise ValueError from None with urllib.request.urlopen(upstream_req) as upstream_response: upstream_json = json.load(upstream_response) upstream = upstream_json['_embedded']['versions'][0]['name'] diff --git a/roles/product_install/molecule/crowd_latest/tests/test_default.py b/roles/product_install/molecule/crowd_latest/tests/test_default.py index dfb360e..31e4c3c 100644 --- a/roles/product_install/molecule/crowd_latest/tests/test_default.py +++ b/roles/product_install/molecule/crowd_latest/tests/test_default.py @@ -43,8 +43,10 @@ def test_completed_lockfile(host): assert lockfile.user == 'root' def get_version(url): - assert url.lower().startswith('http') - upstream_req = urllib.request.Request(url) + if url.lower().startswith('http'): + upstream_req = urllib.request.Request(url) + else: + raise ValueError from None with urllib.request.urlopen(upstream_req) as upstream_response: upstream_json = json.load(upstream_response) upstream = upstream_json['_embedded']['versions'][0]['name'] From a4dec76f4752c29b43ba40e0eb120e529c29248a Mon Sep 17 00:00:00 2001 From: nghazalibeiklar Date: Mon, 27 Jun 2022 11:48:53 +1000 Subject: [PATCH 6/7] added try-exception for crowd_latest --- .../molecule/crowd_latest/tests/test_default.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/roles/product_install/molecule/crowd_latest/tests/test_default.py b/roles/product_install/molecule/crowd_latest/tests/test_default.py index 31e4c3c..ee51787 100644 --- a/roles/product_install/molecule/crowd_latest/tests/test_default.py +++ b/roles/product_install/molecule/crowd_latest/tests/test_default.py @@ -44,7 +44,10 @@ def test_completed_lockfile(host): def get_version(url): if url.lower().startswith('http'): - upstream_req = urllib.request.Request(url) + try: + upstream_req = urllib.request.Request(url) + except: + return None else: raise ValueError from None with urllib.request.urlopen(upstream_req) as upstream_response: From 6c1ff9f14012fb86cf26eaf04ce2fd71436dd7be Mon Sep 17 00:00:00 2001 From: nghazalibeiklar Date: Mon, 27 Jun 2022 11:54:40 +1000 Subject: [PATCH 7/7] Reverted all refactory related to tests --- .../bitbucket_latest/tests/test_default.py | 22 +++++++--------- .../confluence_latest/tests/test_default.py | 22 +++++++--------- .../crowd_latest/tests/test_default.py | 25 +++++++------------ 3 files changed, 27 insertions(+), 42 deletions(-) diff --git a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py index cffe337..bb5b1d8 100644 --- a/roles/product_install/molecule/bitbucket_latest/tests/test_default.py +++ b/roles/product_install/molecule/bitbucket_latest/tests/test_default.py @@ -24,30 +24,26 @@ def test_version_file_is_latest(host): verfile = host.file('/media/atl/bitbucket/shared/bitbucket.version') assert verfile.exists - upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") + upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") + upstream_json = json.load(upstream_fd) + upstream = upstream_json['_embedded']['versions'][0]['name'] assert verfile.content.decode("UTF-8").strip() == upstream.strip() def test_latest_is_downloaded(host): - upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") + upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") + upstream_json = json.load(upstream_fd) + upstream = upstream_json['_embedded']['versions'][0]['name'] installer = host.file('/media/atl/downloads/bitbucket.' + upstream + '-x64.bin') assert installer.exists assert installer.user == 'root' def test_completed_lockfile(host): - upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") + upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/bitbucket/versions") + upstream_json = json.load(upstream_fd) + upstream = upstream_json['_embedded']['versions'][0]['name'] lockfile = host.file('/media/atl/downloads/bitbucket.' + upstream + '-x64.bin_completed') assert lockfile.exists assert lockfile.user == 'root' - -def get_version(url): - if url.lower().startswith('http'): - upstream_req = urllib.request.Request(url) - else: - raise ValueError from None - with urllib.request.urlopen(upstream_req) as upstream_response: #nosec - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] - return upstream diff --git a/roles/product_install/molecule/confluence_latest/tests/test_default.py b/roles/product_install/molecule/confluence_latest/tests/test_default.py index bf2462d..1b3ef88 100644 --- a/roles/product_install/molecule/confluence_latest/tests/test_default.py +++ b/roles/product_install/molecule/confluence_latest/tests/test_default.py @@ -24,30 +24,26 @@ def test_version_file_is_latest(host): verfile = host.file('/media/atl/confluence/shared-home/confluence.version') assert verfile.exists - upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") + upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") + upstream_json = json.load(upstream_fd) + upstream = upstream_json['_embedded']['versions'][0]['name'] assert verfile.content.decode("UTF-8").strip() == upstream.strip() def test_latest_is_downloaded(host): - upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") + upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") + upstream_json = json.load(upstream_fd) + upstream = upstream_json['_embedded']['versions'][0]['name'] installer = host.file('/media/atl/downloads/confluence.'+upstream+'-x64.bin') assert installer.exists assert installer.user == 'root' def test_completed_lockfile(host): - upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") + upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/confluence/versions") + upstream_json = json.load(upstream_fd) + upstream = upstream_json['_embedded']['versions'][0]['name'] lockfile = host.file('/media/atl/downloads/confluence.'+upstream+'-x64.bin_completed') assert lockfile.exists assert lockfile.user == 'root' - -def get_version(url): - if url.lower().startswith('http'): - upstream_req = urllib.request.Request(url) - else: - raise ValueError from None - with urllib.request.urlopen(upstream_req) as upstream_response: - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] - return upstream diff --git a/roles/product_install/molecule/crowd_latest/tests/test_default.py b/roles/product_install/molecule/crowd_latest/tests/test_default.py index ee51787..34ffcbc 100644 --- a/roles/product_install/molecule/crowd_latest/tests/test_default.py +++ b/roles/product_install/molecule/crowd_latest/tests/test_default.py @@ -24,33 +24,26 @@ def test_version_file_is_latest(host): verfile = host.file('/media/atl/crowd/shared/crowd.version') assert verfile.exists - upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") + upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") + upstream_json = json.load(upstream_fd) + upstream = upstream_json['_embedded']['versions'][0]['name'] assert verfile.content.decode("UTF-8").strip() == upstream.strip() def test_latest_is_downloaded(host): - upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") + upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") + upstream_json = json.load(upstream_fd) + upstream = upstream_json['_embedded']['versions'][0]['name'] installer = host.file('/media/atl/downloads/crowd.' + upstream + '.tar.gz') assert installer.exists assert installer.user == 'root' def test_completed_lockfile(host): - upstream = get_version("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") + upstream_fd = urllib.request.urlopen("https://marketplace.atlassian.com/rest/2/products/key/crowd/versions") + upstream_json = json.load(upstream_fd) + upstream = upstream_json['_embedded']['versions'][0]['name'] lockfile = host.file('/media/atl/downloads/crowd.' + upstream + '.tar.gz_completed') assert lockfile.exists assert lockfile.user == 'root' - -def get_version(url): - if url.lower().startswith('http'): - try: - upstream_req = urllib.request.Request(url) - except: - return None - else: - raise ValueError from None - with urllib.request.urlopen(upstream_req) as upstream_response: - upstream_json = json.load(upstream_response) - upstream = upstream_json['_embedded']['versions'][0]['name'] - return upstream \ No newline at end of file