diff --git a/releasetool/github.py b/releasetool/github.py
index 9de4f6c3..6159a308 100644
--- a/releasetool/github.py
+++ b/releasetool/github.py
@@ -103,7 +103,9 @@ def get_installation_access_token(
 }
 private_key_bytes = private_key_str.encode()
- private_key = default_backend().load_pem_private_key(private_key_bytes, None)
+ private_key = default_backend().load_pem_private_key(
+ private_key_bytes, None, unsafe_skip_rsa_key_validation=False
+ )
 app_jwt = jwt.encode(payload, private_key, algorithm="RS256")
 headers = {
diff --git a/requirements.txt b/requirements.txt
index c7bd8318..8a98c9bc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,9 +14,9 @@ bleach==4.1.0 \
 # via
 # -r requirements.in
 # readme-renderer
-cachetools==5.2.0 \
- --hash=sha256:6a94c6402995a99c3970cc7e4884bb60b4a8639938157eeed436098bf9831757 \
- --hash=sha256:f9f17d2aec496a9aa6b76f53e3b614c965223c061982d434d160f930c698a9db
+cachetools==4.2.4 \
+ --hash=sha256:89ea6f1b638d5a73a4f9226be57ac5e4f399d22770b92355f92dcb0f7f001693 \
+ --hash=sha256:92971d3cb7d2a97efff7c7bb1657f21a8f5fb309a37530537c71b1774189f2d1
 # via
 # -r requirements.in
 # google-auth
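Review bot: The new call in the `releasetool/github.py` hunk still goes through `default_backend().load_pem_private_key(...)`, a backend method rather than the documented loader, and the fact that this commit had to add an extra argument alongside the cryptography bump suggests that its signature is not stable across releases. The documented entry point is `serialization.load_pem_private_key(private_key_bytes, password=None)` from `cryptography.hazmat.primitives`, which keeps RSA key validation enabled by default, so the explicit `unsafe_skip_rsa_key_validation=False` would no longer be needed. The import block and the rest of `get_installation_access_token` lie outside this hunk, so the matching import change cannot be shown here. If the backend call is kept, a comment such as `# RSA key validation stays on; never pass True for keys read from configuration` would record why the flag is spelled out.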
@@ -102,33 +102,30 @@ colorama==0.4.5 \ --hash=sha256:854bf444933e37f5824ae7bfc1e98d5bce2ebe4160d46b5edf346a89358e99da \ --hash=sha256:e6c6b4334fc50988a639d9b98aa429a0b57da6e17b9a44f0451f930b6967b7a4 # via twine -cryptography==38.0.4 \ - --hash=sha256:0e70da4bdff7601b0ef48e6348339e490ebfb0cbe638e083c9c41fb49f00c8bd \ - --hash=sha256:10652dd7282de17990b88679cb82f832752c4e8237f0c714be518044269415db \ - --hash=sha256:175c1a818b87c9ac80bb7377f5520b7f31b3ef2a0004e2420319beadedb67290 \ - --hash=sha256:1d7e632804a248103b60b16fb145e8df0bc60eed790ece0d12efe8cd3f3e7744 \ - --hash=sha256:1f13ddda26a04c06eb57119caf27a524ccae20533729f4b1e4a69b54e07035eb \ - --hash=sha256:2ec2a8714dd005949d4019195d72abed84198d877112abb5a27740e217e0ea8d \ - --hash=sha256:2fa36a7b2cc0998a3a4d5af26ccb6273f3df133d61da2ba13b3286261e7efb70 \ - --hash=sha256:2fb481682873035600b5502f0015b664abc26466153fab5c6bc92c1ea69d478b \ - --hash=sha256:3178d46f363d4549b9a76264f41c6948752183b3f587666aff0555ac50fd7876 \ - --hash=sha256:4367da5705922cf7070462e964f66e4ac24162e22ab0a2e9d31f1b270dd78083 \ - --hash=sha256:4eb85075437f0b1fd8cd66c688469a0c4119e0ba855e3fef86691971b887caf6 \ - --hash=sha256:50a1494ed0c3f5b4d07650a68cd6ca62efe8b596ce743a5c94403e6f11bf06c1 \ - --hash=sha256:53049f3379ef05182864d13bb9686657659407148f901f3f1eee57a733fb4b00 \ - --hash=sha256:6391e59ebe7c62d9902c24a4d8bcbc79a68e7c4ab65863536127c8a9cd94043b \ - --hash=sha256:67461b5ebca2e4c2ab991733f8ab637a7265bb582f07c7c88914b5afb88cb95b \ - --hash=sha256:78e47e28ddc4ace41dd38c42e6feecfdadf9c3be2af389abbfeef1ff06822285 \ - --hash=sha256:80ca53981ceeb3241998443c4964a387771588c4e4a5d92735a493af868294f9 \ - --hash=sha256:8a4b2bdb68a447fadebfd7d24855758fe2d6fecc7fed0b78d190b1af39a8e3b0 \ - --hash=sha256:8e45653fb97eb2f20b8c96f9cd2b3a0654d742b47d638cf2897afbd97f80fa6d \ - --hash=sha256:998cd19189d8a747b226d24c0207fdaa1e6658a1d3f2494541cb9dfbf7dcb6d2 \ - --hash=sha256:a10498349d4c8eab7357a8f9aa3463791292845b79597ad1b98a543686fb1ec8 \ - 
--hash=sha256:b4cad0cea995af760f82820ab4ca54e5471fc782f70a007f31531957f43e9dee \ - --hash=sha256:bfe6472507986613dc6cc00b3d492b2f7564b02b3b3682d25ca7f40fa3fd321b \ - --hash=sha256:c9e0d79ee4c56d841bd4ac6e7697c8ff3c8d6da67379057f29e66acffcd1e9a7 \ - --hash=sha256:ca57eb3ddaccd1112c18fc80abe41db443cc2e9dcb1917078e02dfa010a4f353 \ - --hash=sha256:ce127dd0a6a0811c251a6cddd014d292728484e530d80e872ad9806cfb1c5b3c +cryptography==39.0.1 \ + --hash=sha256:0f8da300b5c8af9f98111ffd512910bc792b4c77392a9523624680f7956a99d4 \ + --hash=sha256:35f7c7d015d474f4011e859e93e789c87d21f6f4880ebdc29896a60403328f1f \ + --hash=sha256:4789d1e3e257965e960232345002262ede4d094d1a19f4d3b52e48d4d8f3b885 \ + --hash=sha256:5aa67414fcdfa22cf052e640cb5ddc461924a045cacf325cd164e65312d99502 \ + --hash=sha256:5d2d8b87a490bfcd407ed9d49093793d0f75198a35e6eb1a923ce1ee86c62b41 \ + --hash=sha256:6687ef6d0a6497e2b58e7c5b852b53f62142cfa7cd1555795758934da363a965 \ + --hash=sha256:6f8ba7f0328b79f08bdacc3e4e66fb4d7aab0c3584e0bd41328dce5262e26b2e \ + --hash=sha256:706843b48f9a3f9b9911979761c91541e3d90db1ca905fd63fee540a217698bc \ + --hash=sha256:807ce09d4434881ca3a7594733669bd834f5b2c6d5c7e36f8c00f691887042ad \ + --hash=sha256:83e17b26de248c33f3acffb922748151d71827d6021d98c70e6c1a25ddd78505 \ + --hash=sha256:96f1157a7c08b5b189b16b47bc9db2332269d6680a196341bf30046330d15388 \ + --hash=sha256:aec5a6c9864be7df2240c382740fcf3b96928c46604eaa7f3091f58b878c0bb6 \ + --hash=sha256:b0afd054cd42f3d213bf82c629efb1ee5f22eba35bf0eec88ea9ea7304f511a2 \ + --hash=sha256:c5caeb8188c24888c90b5108a441c106f7faa4c4c075a2bcae438c6e8ca73cef \ + --hash=sha256:ced4e447ae29ca194449a3f1ce132ded8fcab06971ef5f618605aacaa612beac \ + --hash=sha256:d1f6198ee6d9148405e49887803907fe8962a23e6c6f83ea7d98f1c0de375695 \ + --hash=sha256:e124352fd3db36a9d4a21c1aa27fd5d051e621845cb87fb851c08f4f75ce8be6 \ + --hash=sha256:e422abdec8b5fa8462aa016786680720d78bdce7a30c652b7fadf83a4ba35336 \ + 
--hash=sha256:ef8b72fa70b348724ff1218267e7f7375b8de4e8194d1636ee60510aae104cd0 \ + --hash=sha256:f0c64d1bd842ca2633e74a1a28033d139368ad959872533b1bab8c80e8240a0c \ + --hash=sha256:f24077a3b5298a5a06a8e0536e3ea9ec60e4c7ac486755e5fb6e6ea9b3500106 \ + --hash=sha256:fdd188c8a6ef8769f148f88f859884507b954cc64db6b52f66ef199bb9ad660a \ + --hash=sha256:fe913f20024eb2cb2f323e42a64bdf2911bb9738a15dba7d3cce48151034e3a8 # via # -r requirements.in # secretstorage @@ -322,9 +319,9 @@ python-dateutil==2.8.2 \ --hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \ --hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9 # via -r requirements.in -readme-renderer==37.3 \ - --hash=sha256:cd653186dfc73055656f090f227f5cb22a046d7f71a841dfa305f55c9a513273 \ - --hash=sha256:f67a16caedfa71eef48a31b39708637a6f4664c4394801a7b0d6432d13907343 +readme-renderer==34.0 \ + --hash=sha256:262510fe6aae81ed4e94d8b169077f325614c0b1a45916a80442c6576264a9c2 \ + --hash=sha256:dfb4d17f21706d145f7473e0b61ca245ba58e810cf9b2209a48239677f82e5b0 # via # -r requirements.in # twine diff --git a/tests/test_github.py b/tests/test_github.py new file mode 100644 index 00000000..9957f526 --- /dev/null +++ b/tests/test_github.py 
@@ -0,0 +1,37 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from releasetool import github
+import pathlib
+import requests_mock
+
+
+def test_app_credentials():
+ with requests_mock.Mocker() as m:
+ m.post(
+ "https://api.github.com/app/installations/my-installation-id/access_tokens",
+ status_code=201,
+ json={
+ "token": "remote-access-token",
+ },
+ )
+
+ private_key = (
+ pathlib.Path(__file__).parent / "testdata" / "fake-private-key.pem"
+ ).read_text()
+ token = github.get_installation_access_token(
+ "my-app-id", "my-installation-id", private_key
+ )
+ assert token == "remote-access-token"
diff --git a/tests/testdata/fake-private-key.pem b/tests/testdata/fake-private-key.pem
new file mode 100644
index 00000000..9b524141
--- /dev/null
+++ b/tests/testdata/fake-private-key.pem
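Review bot: `test_app_credentials` asserts only the token that the mock itself returns, and the mock matches on the URL alone, so the test would still pass if the request went out without a correctly signed app JWT. Consider also checking the outgoing request, for example `assert m.last_request.headers["Authorization"].startswith("Bearer ")`, assuming the function sends the JWT in that header (the headers dict is built outside the lines visible in this commit). The imports would read better with the standard-library `import pathlib` placed ahead of `import requests_mock` and `from releasetool import github`. A one-line docstring such as `"""Load the PEM fixture with RSA validation enabled and exchange it for an installation token."""` would state what the test guards.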
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWgIBAAKBgGCmk6xUrFM3e8qS3gph31HusC/JmSf7+7+sG/8POpg/8gzBVq2m
+zcEGubHJWwWZHKxrDVKkyZc3G3u7XSD1+N+hh+LDf1Kt4JccDV5OJXZ6tCedjH6Z
+Ty1qX8nxb6SF8GZctypTzA5lZk2VVVeR5ficnKDGCngReUOYXCmXoRplAgMBAAEC
+gYBWE0QlD+vA2QL4cEArQureTxK+HG63+2RDWYY9a1Slzx1EWtNVJ97Kb7DlMwxL
+OgcdTuG4nmWitENXuI/CEQ2pEKNmUAKMqorhSHqL5mFJi7Oe5m8guNqM4ClvJlCS
+UKgj6v6B7uEPDsMEojvNllJElyBcw2ld4Ji6VN4LxsleKQJBALjICFD514yYdjtg
+3n8gJpZI9vIFTIwDnLcClIzZAfJwXU1hyaY7jVQKif9VOjUDZr3DGek8tPNeqIVb
+Xa9aH4MCQQCF5uK0YSk1yxBBzzoS+5fAAkNI0qYwBNPAoFhwZ+TT0y0S3enRI+m6
+5iYKOwef7E2QVYXUEOhvUIiKUAQFBxH3AkBRcxr3VqnEt4+mLNTmhG194Tu5Aszz
+CsSRhvmj/CP3kcAO1APm2mk5mkup2Q+HPrCTBOTvAmtgu2DdJ6DsInWxAkBptNi5
+n45h6hm+ajKlc7rbmK23WpxZgiYMhkjrDAmoc6i8oTWJpjlJE5FqOCmPxYOB8xIA
+VQy5e7Eex4Y01d0HAkA9c6tb9jFxFHQdcSSM02UuZAjA+YiboO5znl4FCC6lpgBd
+irnvYZ5sD2Ba6baUW2/IqQwuTL/t1QJpqbwwuJi5
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
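Review bot: This fixture commits RSA private key material to the repository; the file name marks it as fake, but secret scanners will still flag it, and the key looks short (roughly 1024 bits, judging by the length of the PEM body). Generating a throwaway key inside the test, e.g. `rsa.generate_private_key(public_exponent=65537, key_size=2048)` serialized to PEM with `private_bytes(...)`, would avoid keeping any key on disk. If the static file stays, add a scanner allowlist entry for this path and a short note beside it saying the key is test-only and must never be registered with a real GitHub App. The file also ends without a trailing newline.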