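def test_create_pod_with_private_image():
    """Deploy a pod with a private Docker image, using the Mesos containerizer.

    Docker Hub credentials are read from the environment, wrapped into a
    pull-config document and stored under the secret name `pullConfig` while
    the pod is deployed. The secret is deleted again whether or not the
    deployment succeeds.

    Raises:
        KeyError: if DOCKER_HUB_USERNAME or DOCKER_HUB_PASSWORD is not set.
    """
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    # Read both credentials up front so a missing variable fails the test
    # before anything has been created on the cluster.
    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "pullConfig"
    secret_value_json = common.create_docker_pull_config_json(username, password)
    secret_value = json.dumps(secret_value_json)

    pod_def = pods.private_docker_pod()
    pod_id = pod_def['id']

    # Build the client before storing the credential: nothing that can raise
    # may sit between create_secret() and the try/finally that removes it,
    # otherwise the registry credential would be left behind in the store.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        client.add_pod(pod_def)
        common.deployment_wait(timeout=timedelta(minutes=5).total_seconds(), service_id=pod_id)
        pod = client.show_pod(pod_id)
        assert pod is not None, "The pod has not been created"
    finally:
        common.delete_secret(secret_name)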
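def test_private_repository_mesos_app():
    """Deploy an app with a private Docker image, using the Mesos containerizer.

    Docker Hub credentials are read from the environment, wrapped into a
    pull-config document and stored under the secret name `pullConfig` while
    the app is deployed. The secret is deleted again whether or not the
    deployment succeeds.

    Raises:
        KeyError: if DOCKER_HUB_USERNAME or DOCKER_HUB_PASSWORD is not set.
    """
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "pullConfig"
    secret_value_json = common.create_docker_pull_config_json(username, password)
    secret_value = json.dumps(secret_value_json)

    app_def = apps.private_ucr_docker_app()

    # In strict mode all tasks are started as user `nobody` by default and `nobody`
    # doesn't have permissions to write to /var/log within the container.
    # NOTE(review): the user literal below appears masked in this listing; the
    # ACL helper's name suggests a root user is meant - confirm against the
    # real file. Running the task as a privileged user widens what the
    # container can do, so keep the override limited to strict mode.
    if shakedown.ee_version() == 'strict':
        app_def['user'] = '******'
        common.add_dcos_marathon_root_user_acls()

    # Build the client before storing the credential: nothing that can raise
    # may sit between create_secret() and the try/finally that removes it,
    # otherwise the registry credential would be left behind in the store.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        client.add_app(app_def)
        shakedown.deployment_wait()
        common.assert_app_tasks_running(client, app_def)
    finally:
        common.delete_secret(secret_name)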
def test_pod_secret_env_var(secret_fixture):
    """Check that a pod receives a secret through an environment variable.

    The pod maps the fixture's secret onto SECRET_ENV, writes that variable
    into a file in its sandbox and serves the sandbox over HTTP. The test
    fetches the file from the master and compares it with the expected value.
    """
    # The enterprise CLI is a prerequisite for creating secrets.
    cli_present = common.is_enterprise_cli_package_installed()
    if not cli_present:
        common.install_enterprise_cli_package()

    secret_name, secret_value = secret_fixture
    pod_id = '/{}'.format(uuid.uuid4().hex)

    # The command prints the secret to the task's stdout, appends it to a
    # sandbox file and exposes that file through http.server on a host-network
    # port. That is a deliberate read-back channel for the assertion below and
    # is only appropriate for a disposable test value.
    shell_cmd = (
        "echo $SECRET_ENV && "
        "echo $SECRET_ENV >> $MESOS_SANDBOX/secret-env && "
        "/opt/mesosphere/bin/python -m http.server $ENDPOINT_HTTP"
    )
    container = {
        "name": "container-1",
        "resources": {"cpus": 0.1, "mem": 64},
        "endpoints": [{"name": "http", "hostPort": 0, "protocol": ["tcp"]}],
        "exec": {"command": {"shell": shell_cmd}},
    }
    pod_def = {
        "id": pod_id,
        "containers": [container],
        "environment": {"SECRET_ENV": {"secret": "secret1"}},
        "networks": [{"mode": "host"}],
        "secrets": {"secret1": {"source": secret_name}},
    }

    client = marathon.create_client()
    client.add_pod(pod_def)
    shakedown.deployment_wait()

    instances = client.show_pod(pod_id)['instances']
    assert len(instances) == 1, 'Failed to start the secret environment variable pod'

    instance = instances[0]
    port = instance['containers'][0]['endpoints'][0]['allocatedHostPort']
    host = instance['networks'][0]['addresses'][0]

    cmd = "curl {}:{}/secret-env".format(host, port)
    status, data = shakedown.run_command_on_master(cmd)

    assert status, "{} did not succeed".format(cmd)
    assert data.rstrip() == secret_value
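def test_create_pod_with_private_image():
    """Deploy a pod with a private Docker image, using the Mesos containerizer.

    Docker Hub credentials are read from the environment, wrapped into a
    pull-config document and stored under the secret name `pullconfig` while
    the pod is deployed. The secret is deleted again whether or not the
    deployment succeeds.

    Raises:
        KeyError: if DOCKER_HUB_USERNAME or DOCKER_HUB_PASSWORD is not set.
    """
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    # Read both credentials up front so a missing variable fails the test
    # before anything has been created on the cluster.
    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "pullconfig"
    secret_value_json = common.create_docker_pull_config_json(username, password)
    secret_value = json.dumps(secret_value_json)

    pod_def = pods.private_docker_pod()
    pod_id = pod_def['id']

    # Build the client before storing the credential: nothing that can raise
    # may sit between create_secret() and the try/finally that removes it,
    # otherwise the registry credential would be left behind in the store.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        client.add_pod(pod_def)
        common.deployment_wait(timeout=timedelta(minutes=5).total_seconds(), service_id=pod_id)
        pod = client.show_pod(pod_id)
        assert pod is not None, "The pod has not been created"
    finally:
        common.delete_secret(secret_name)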
def test_private_repository_mesos_app():
    """Run an app from a private Docker registry under the Mesos containerizer.

    Per the original description, the pull credentials are referenced through
    the "config" field of the container's image. The app definition itself is
    produced by common.private_mesos_container_app from the secret name.
    """
    # NOTE(review): invoked as a plain statement in this listing; what it does
    # on an older Marathon is defined outside this block.
    requires_marathon_version("1.5")

    cli_present = common.is_enterprise_cli_package_installed()
    if not cli_present:
        common.install_enterprise_cli_package()

    # Registry credentials come from the environment only; a missing variable
    # raises KeyError before any secret is written.
    hub_user = os.environ['DOCKER_HUB_USERNAME']
    hub_password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "dockerPullConfig"
    pull_config = common.create_docker_pull_config_json(hub_user, hub_password)
    serialized_config = json.dumps(pull_config)

    client = marathon.create_client()
    common.create_secret(secret_name, serialized_config)

    try:
        app_def = common.private_mesos_container_app(secret_name)
        client.add_app(app_def)
        shakedown.deployment_wait()
        common.assert_app_tasks_running(client, app_def)
    finally:
        # The credential secret is removed on success and on failure alike.
        common.delete_secret(secret_name)
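def test_private_repository_mesos_app():
    """Deploy an app with a private Docker image, using the Mesos containerizer.

    Docker Hub credentials are read from the environment, wrapped into a
    pull-config document and stored under the secret name `pullConfig` while
    the app is deployed. The secret is deleted again whether or not the
    deployment succeeds.

    Raises:
        KeyError: if DOCKER_HUB_USERNAME or DOCKER_HUB_PASSWORD is not set.
    """
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "pullConfig"
    secret_value_json = common.create_docker_pull_config_json(username, password)
    secret_value = json.dumps(secret_value_json)

    app_def = apps.private_ucr_docker_app()

    # Here we're starting an nginx server in a container. In strict mode, however,
    # all tasks are started as user `nobody`, and `nobody` doesn't have permission
    # to write to /var/log within the container. To avoid this we override the cmd
    # with a simple `sleep`. This is a hacky workaround, but the test is still valid
    # since we're testing the `pullConfig` feature. It also keeps the task
    # unprivileged instead of switching to a more powerful user.
    if shakedown.ee_version() == 'strict':
        app_def['cmd'] = 'sleep 10000000'

    # Build the client before storing the credential: nothing that can raise
    # may sit between create_secret() and the try/finally that removes it,
    # otherwise the registry credential would be left behind in the store.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        client.add_app(app_def)
        shakedown.deployment_wait()
        common.assert_app_tasks_running(client, app_def)
    finally:
        common.delete_secret(secret_name)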
def test_pod_secret_env_var(secret_fixture):
    """Verify that a secret mapped to an environment variable reaches a pod.

    The single container writes $SECRET_ENV to a sandbox file and serves the
    sandbox over HTTP. The file is then fetched from the master and compared
    with the value supplied by the fixture.
    """
    # Secrets can only be created once the enterprise CLI is installed.
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    secret_name, secret_value = secret_fixture
    pod_id = '/{}'.format(uuid.uuid4().hex)

    # Secret exposure is intentional here: the value is echoed to stdout,
    # persisted in the sandbox and reachable over plain HTTP on the host
    # network. Only a throwaway test value should ever take this path.
    http_endpoint = {"name": "http", "hostPort": 0, "protocol": ["tcp"]}
    run_spec = {
        "command": {
            "shell": "echo $SECRET_ENV && echo $SECRET_ENV >> $MESOS_SANDBOX/secret-env && /opt/mesosphere/bin/python -m http.server $ENDPOINT_HTTP"
        }
    }
    pod_def = {
        "id": pod_id,
        "containers": [{
            "name": "container-1",
            "resources": {"cpus": 0.1, "mem": 64},
            "endpoints": [http_endpoint],
            "exec": run_spec,
        }],
        "environment": {"SECRET_ENV": {"secret": "secret1"}},
        "networks": [{"mode": "host"}],
        "secrets": {"secret1": {"source": secret_name}},
    }

    client = marathon.create_client()
    client.add_pod(pod_def)
    shakedown.deployment_wait()

    instances = client.show_pod(pod_id)['instances']
    assert len(instances) == 1, 'Failed to start the secret environment variable pod'

    only_instance = instances[0]
    port = only_instance['containers'][0]['endpoints'][0]['allocatedHostPort']
    host = only_instance['networks'][0]['addresses'][0]

    cmd = "curl {}:{}/secret-env".format(host, port)
    status, data = shakedown.run_command_on_master(cmd)

    assert status, "{} did not succeed".format(cmd)
    assert data.rstrip() == secret_value
def secret_fixture():
    """Create the `/mysecret` test secret, yield (name, value), then delete it.

    NOTE(review): written in yield-fixture form; the decorator that registers
    it is presumably outside this listing - confirm.
    """
    cli_present = common.is_enterprise_cli_package_installed()
    if not cli_present:
        common.install_enterprise_cli_package()

    # Hard-coded dummy value. Tests in this file that take the fixture read
    # the secret back over plain HTTP, so a real credential must never be
    # substituted here.
    name, value = '/mysecret', 'super_secret_password'
    common.create_secret(name, value)

    yield name, value

    # Teardown: runs when the generator is resumed after the test.
    common.delete_secret(name)
def secret_fixture():
    """Provide a temporary `/mysecret` secret to a test as a (name, value) pair.

    The secret is created before the yield and deleted after it.

    NOTE(review): the generator shape implies a fixture decorator that is not
    visible in this listing - confirm.
    """
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    # Fixed placeholder value: consumers in this file expose it over HTTP in
    # order to verify it, so it must remain a non-sensitive dummy.
    fixture_pair = ('/mysecret', 'super_secret_password')
    common.create_secret(*fixture_pair)

    yield fixture_pair[0], fixture_pair[1]

    # Cleanup after the consuming test has finished.
    common.delete_secret(fixture_pair[0])
def test_app_secret_env_var(secret_fixture):
    """Check that an app receives a secret through an environment variable.

    The app maps the fixture's secret onto SECRET_ENV, appends it to a file in
    its sandbox and serves the sandbox over HTTP. The test fetches the file
    from the master and compares it with the expected value.
    """
    # The enterprise CLI is a prerequisite for creating secrets.
    cli_present = common.is_enterprise_cli_package_installed()
    if not cli_present:
        common.install_enterprise_cli_package()

    secret_name, secret_value = secret_fixture
    app_id = uuid.uuid4().hex

    # The task persists the secret in its sandbox and serves it on the port
    # named "api". That is a deliberate read-back channel for the assertion
    # below, acceptable only for a disposable test value.
    launch_cmd = (
        "echo $SECRET_ENV >> $MESOS_SANDBOX/secret-env && "
        "/opt/mesosphere/bin/python -m http.server $PORT_API"
    )
    api_port = {"port": 0, "protocol": "tcp", "name": "api", "labels": {}}
    app_def = {
        "id": app_id,
        "instances": 1,
        "cpus": 0.1,
        "mem": 64,
        "cmd": launch_cmd,
        "env": {"SECRET_ENV": {"secret": "secret1"}},
        "portDefinitions": [api_port],
        "secrets": {"secret1": {"source": secret_name}},
    }

    client = marathon.create_client()
    client.add_app(app_def)
    shakedown.deployment_wait()

    tasks = client.get_tasks(app_id)
    assert len(tasks) == 1, 'Failed to start the secret environment variable app'

    task = tasks[0]
    port = task['ports'][0]
    host = task['host']

    cmd = "curl {}:{}/secret-env".format(host, port)
    status, data = shakedown.run_command_on_master(cmd)

    assert status, "{} did not succeed".format(cmd)
    assert data.rstrip() == secret_value
def test_create_pod_with_private_image():
    """Deploy a pod whose definition references a Docker pull-config secret.

    Docker Hub credentials from the environment are stored as the
    `dockerPullConfig` secret. The pod definition is built from that secret
    name by common.private_docker_pod.
    """
    cli_present = common.is_enterprise_cli_package_installed()
    if not cli_present:
        common.install_enterprise_cli_package()

    # Registry credentials come from the environment only; a missing variable
    # raises KeyError before any secret is written.
    hub_user = os.environ['DOCKER_HUB_USERNAME']
    hub_password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "dockerPullConfig"
    pull_config = common.create_docker_pull_config_json(hub_user, hub_password)
    serialized_config = json.dumps(pull_config)

    client = marathon.create_client()
    common.create_secret(secret_name, serialized_config)

    try:
        pod_def = common.private_docker_pod(secret_name)
        client.add_pod(pod_def)
        wait_seconds = timedelta(minutes=5).total_seconds()
        shakedown.deployment_wait(timeout=wait_seconds)
        pod = client.show_pod(pod_def["id"])
        assert pod is not None
    finally:
        # The credential secret is removed on success and on failure alike.
        common.delete_secret(secret_name)
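def test_private_repository_mesos_app():
    """Deploy an app with a private Docker image, using the Mesos containerizer.

    Docker Hub credentials are read from the environment, wrapped into a
    pull-config document and stored under the secret name `pullConfig` while
    the app is deployed. The secret is deleted again whether or not the
    deployment succeeds.

    Raises:
        KeyError: if DOCKER_HUB_USERNAME or DOCKER_HUB_PASSWORD is not set.
    """
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    # Read both credentials up front so a missing variable fails the test
    # before anything has been created on the cluster.
    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "pullConfig"
    secret_value_json = common.create_docker_pull_config_json(username, password)
    secret_value = json.dumps(secret_value_json)

    app_def = apps.private_ucr_docker_app()

    # Build the client before storing the credential: nothing that can raise
    # may sit between create_secret() and the try/finally that removes it,
    # otherwise the registry credential would be left behind in the store.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        client.add_app(app_def)
        shakedown.deployment_wait()
        common.assert_app_tasks_running(client, app_def)
    finally:
        common.delete_secret(secret_name)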
def ensure_prerequisites_installed():
    """Install the enterprise CLI package if it is absent, then verify it is present."""
    already_installed = common.is_enterprise_cli_package_installed()
    if not already_installed:
        common.install_enterprise_cli_package()

    # Query again instead of trusting the install call, so a failed install
    # surfaces here rather than in a later secret operation.
    assert common.is_enterprise_cli_package_installed()
def test_pod_file_based_secret(secret_fixture):
    """Check that a pod can read a secret mounted as a file.

    The secret is attached as a volume mounted at the secret's name. The
    container copies the mounted file into `<name>_file` and serves its
    working directory over HTTP. The test fetches the copy from the master
    and compares it with the expected value.
    """
    # The enterprise CLI is a prerequisite for creating secrets.
    cli_present = common.is_enterprise_cli_package_installed()
    if not cli_present:
        common.install_enterprise_cli_package()

    secret_name, secret_value = secret_fixture
    # The shell command and the URL use the slash-stripped name; the volume
    # mount path below keeps the original name.
    secret_normalized_name = secret_name.replace('/', '')
    pod_id = '/{}'.format(uuid.uuid4().hex)

    # Copying the secret next to http.server makes it readable over plain HTTP
    # on a host-network port. That is a deliberate read-back channel for the
    # assertion below, acceptable only for a disposable test value.
    shell_cmd = "cat {} >> {}_file && /opt/mesosphere/bin/python -m http.server $ENDPOINT_HTTP".format(
        secret_normalized_name, secret_normalized_name)
    container = {
        "name": "container-1",
        "resources": {"cpus": 0.1, "mem": 64},
        "endpoints": [{"name": "http", "hostPort": 0, "protocol": ["tcp"]}],
        "exec": {"command": {"shell": shell_cmd}},
        "volumeMounts": [{"name": "vol", "mountPath": secret_name}],
    }
    pod_def = {
        "id": pod_id,
        "containers": [container],
        "networks": [{"mode": "host"}],
        "volumes": [{"name": "vol", "secret": "secret1"}],
        "secrets": {"secret1": {"source": secret_name}},
    }

    client = marathon.create_client()
    client.add_pod(pod_def)
    shakedown.deployment_wait()

    instances = client.show_pod(pod_id)['instances']
    assert len(instances) == 1, 'Failed to start the file based secret pod'

    instance = instances[0]
    port = instance['containers'][0]['endpoints'][0]['allocatedHostPort']
    host = instance['networks'][0]['addresses'][0]

    cmd = "curl {}:{}/{}_file".format(host, port, secret_normalized_name)
    status, data = shakedown.run_command_on_master(cmd)

    assert status, "{} did not succeed".format(cmd)
    assert data.rstrip() == secret_value
def test_pod_file_based_secret(secret_fixture):
    """Verify that a file-based secret is readable inside a pod.

    The pod mounts the secret as a volume, copies the mounted file into
    `<name>_file` and serves it with http.server. The copy is fetched from the
    master and must equal the value supplied by the fixture.
    """
    # Secrets can only be created once the enterprise CLI is installed.
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    secret_name, secret_value = secret_fixture
    # Slash-free form of the name, used in the shell command and the URL.
    secret_normalized_name = secret_name.replace('/', '')
    pod_id = '/{}'.format(uuid.uuid4().hex)

    # Secret exposure is intentional here: the mounted file is duplicated into
    # the directory served over plain HTTP on the host network. Only a
    # throwaway test value should ever take this path.
    http_endpoint = {"name": "http", "hostPort": 0, "protocol": ["tcp"]}
    secret_mount = {"name": "vol", "mountPath": secret_name}
    run_spec = {
        "command": {
            "shell": "cat {} >> {}_file && /opt/mesosphere/bin/python -m http.server $ENDPOINT_HTTP".format(secret_normalized_name, secret_normalized_name),
        }
    }
    pod_def = {
        "id": pod_id,
        "containers": [{
            "name": "container-1",
            "resources": {"cpus": 0.1, "mem": 64},
            "endpoints": [http_endpoint],
            "exec": run_spec,
            "volumeMounts": [secret_mount],
        }],
        "networks": [{"mode": "host"}],
        "volumes": [{"name": "vol", "secret": "secret1"}],
        "secrets": {"secret1": {"source": secret_name}},
    }

    client = marathon.create_client()
    client.add_pod(pod_def)
    shakedown.deployment_wait()

    instances = client.show_pod(pod_id)['instances']
    assert len(instances) == 1, 'Failed to start the file based secret pod'

    only_instance = instances[0]
    port = only_instance['containers'][0]['endpoints'][0]['allocatedHostPort']
    host = only_instance['networks'][0]['addresses'][0]

    cmd = "curl {}:{}/{}_file".format(host, port, secret_normalized_name)
    status, data = shakedown.run_command_on_master(cmd)

    assert status, "{} did not succeed".format(cmd)
    assert data.rstrip() == secret_value