Exemple #1
    def pull_image(self, image, remote_image_obj, **kwargs):
        """
        Pull an image into the docker daemon, or load it from a local tarball.

        :param image: image reference; a ``dockertar:`` prefix means the rest
            of the string is a path to a tar file that is loaded instead.
        :param remote_image_obj: ``Image`` instance whose ``fq_name`` is used
            as the pull source.
        :param kwargs: only ``debug`` (default False) is read here.
        :return: 0
        :raises util.ImageAlreadyExists: when ``already_has_image`` is true for
            the local copy.
        """
        # NOTE(review): assert statements are stripped under ``python -O``, so
        # this type check is not a dependable guard in optimized runs.
        assert isinstance(remote_image_obj, Image)
        debug = kwargs.get('debug', False)

        tar_prefix = "dockertar:"
        if image.startswith(tar_prefix):
            # This branch returns before sigstore discovery and before the
            # policy file is passed to skopeo, so nothing in this method
            # applies a signature policy to a tarball. The path is taken
            # verbatim from the caller-supplied reference.
            with open(image[len(tar_prefix):], 'rb') as tarball:
                self.d.load_image(data=tarball)
            return 0

        fq_name = remote_image_obj.fq_name
        local_image = self.has_image(image)
        if local_image is not None and self.already_has_image(local_image, remote_image_obj):
            raise util.ImageAlreadyExists(image)

        registry, _, _, tag, _ = util.Decompose(fq_name).all
        # Only the destination name is rewritten (tag appended, digest
        # separator turned into ":"); the pull source below stays fq_name.
        destination = "docker-daemon:{}".format(fq_name)
        if not destination.endswith(tag):
            destination = "{}:{}".format(destination, tag)
        destination = destination.replace("@sha256:", ":")

        # NOTE(review): presumably insecure=True relaxes transport security
        # inside skopeo_copy -- confirm what it disables for listed registries.
        insecure = bool(util.is_insecure_registry(self.d.info()['RegistryConfig'],
                                                  util.strip_port(registry)))
        trust = Trust()
        trust.discover_sigstore(fq_name)
        util.write_out("Pulling {} ...".format(fq_name))
        util.skopeo_copy("docker://{}".format(fq_name),
                         destination,
                         debug=debug,
                         insecure=insecure,
                         policy_filename=trust.policy_filename)
        return 0
Exemple #2
    def pull_image(self, image, remote_image_obj, **kwargs):
        """
        Copy an image from a registry into containers-storage with skopeo.

        :param image: image reference; the tag taken from the remote name is
            appended when missing and ``@sha256:`` is rewritten to ``:``.
        :param remote_image_obj: object whose ``fq_name`` is the fully
            qualified remote name.
        :param kwargs: only ``debug`` (default False) is read here.
        :return: 0
        """
        debug = kwargs.get('debug', False)
        fq_name = remote_image_obj.fq_name
        registry, _, _, tag, _ = util.Decompose(fq_name).all
        if not image.endswith(tag):
            image = "{}:{}".format(image, tag)
        # NOTE(review): the rewritten string is used for the pull source as
        # well as the destination, so a reference written name@sha256:<digest>
        # is requested as name:<digest> rather than by digest -- confirm that
        # dropping the digest form on the source side is intended.
        image = image.replace("@sha256:", ":")

        # The registry is marked insecure only when the loaded registries
        # configuration lists it (exact match, port not stripped).
        registries_config = util.load_registries_from_yaml()
        insecure = ("insecure_registries" in registries_config
                    and registry in registries_config['insecure_registries'])

        source = "docker://{}".format(image)
        dest = "containers-storage:{}".format(image)
        trust = Trust()
        trust.discover_sigstore(fq_name)
        util.write_out("Pulling {} ...".format(fq_name))
        util.skopeo_copy(source,
                         dest,
                         debug=debug,
                         insecure=insecure,
                         policy_filename=trust.policy_filename)
        return 0
Exemple #3
 def TrustDelete(self, registry, sigstoretype):
     """
     Run ``Trust.delete()`` for the given registry and sigstore type.

     :param registry: stored on the argument object as ``registry``.
     :param sigstoretype: stored on the argument object as ``sigstoretype``.
     :return: None
     """
     # NOTE(review): no validation of ``registry`` and no caller
     # authorization is visible in this method -- confirm the calling layer
     # enforces both before trust settings are deleted.
     trust = Trust()
     delete_args = self.Args()
     for attr, value in (("sigstoretype", sigstoretype), ("registry", registry)):
         setattr(delete_args, attr, value)
     trust.set_args(delete_args)
     trust.delete()
Exemple #4
 def test_trust_gpg_email_id(self):
     """get_gpg_id() on the fixture policy and config returns the expected id."""
     policy_path = os.path.join(FIXTURE_DIR, "show_policy.json")
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     args = self.Args()
     testobj = Trust(policy_filename=policy_path)
     testobj.atomic_config = util.get_atomic_config(atomic_config=config_path)
     testobj.set_args(args)
     gpg_id = testobj.get_gpg_id(args.pubkeys)
     # NOTE(review): the expected address looks masked by e-mail obfuscation
     # in this listing -- check it against the real fixture value.
     self.assertEqual("*****@*****.**", gpg_id)
Exemple #5
 def pull_image(self, image, **kwargs):
     """
     Pull an image into the docker daemon, or load it from a local tarball.

     :param image: image reference; a ``dockertar:`` prefix means the rest of
         the string is a path to a tar file that is loaded instead.
     :param kwargs: only ``debug`` (default False) is read here.
     :return: 0
     :raises ValueError: when ``already_has_image`` is true for the local copy.
     """
     debug = kwargs.get("debug", False)

     tar_prefix = "dockertar:"
     if image.startswith(tar_prefix):
         # This branch returns before sigstore discovery and before the
         # policy file is passed to skopeo, so nothing in this method applies
         # a signature policy to a tarball. The path is taken verbatim from
         # the caller-supplied reference.
         with open(image[len(tar_prefix):], "rb") as tarball:
             self.d.load_image(data=tarball)
         return 0

     remote_image = self.make_remote_image(image)
     fq_name = remote_image.fq_name
     local_image = self.has_image(image)
     if local_image is not None and self.already_has_image(local_image, remote_image):
         raise ValueError("Latest version of {} already present.".format(image))

     registry, _, _, tag, _ = util.Decompose(fq_name).all
     destination = "docker-daemon:{}".format(image)
     if not destination.endswith(tag):
         destination = "{}:{}".format(destination, tag)

     # NOTE(review): presumably insecure=True relaxes transport security
     # inside skopeo_copy -- confirm what it disables for listed registries.
     insecure = bool(
         util.is_insecure_registry(self.d.info()["RegistryConfig"], util.strip_port(registry))
     )
     trust = Trust()
     trust.discover_sigstore(fq_name)
     util.write_out("Pulling {} ...".format(fq_name))
     util.skopeo_copy(
         "docker://{}".format(fq_name),
         destination,
         debug=debug,
         insecure=insecure,
         policy_filename=trust.policy_filename
     )
     return 0
Exemple #6
    def pull_image(self, image, remote_image_obj, **kwargs):
        """
        Pull an image into the docker daemon, or load it from a local tarball.

        :param image: image reference; a ``dockertar:`` prefix means the rest
            of the string is a path to a tar file that is loaded instead.
        :param remote_image_obj: ``Image`` instance whose ``fq_name`` is used
            as the pull source.
        :param kwargs: ``debug`` (default False) and ``src_creds`` (default
            None) are read here.
        :return: 0
        :raises util.ImageAlreadyExists: when ``already_has_image`` is true for
            the local copy.
        """
        # NOTE(review): assert statements are stripped under ``python -O``, so
        # this type check is not a dependable guard in optimized runs.
        assert isinstance(remote_image_obj, Image)
        debug = kwargs.get('debug', False)

        tar_prefix = "dockertar:"
        if image.startswith(tar_prefix):
            # This branch returns before sigstore discovery and before the
            # policy file is passed to skopeo, so nothing in this method
            # applies a signature policy to a tarball. The path is taken
            # verbatim from the caller-supplied reference.
            with open(image[len(tar_prefix):], 'rb') as tarball:
                self.d.load_image(data=tarball)
            return 0

        fq_name = remote_image_obj.fq_name
        local_image = self.has_image(image)
        if local_image is not None and self.already_has_image(local_image, remote_image_obj):
            raise util.ImageAlreadyExists(image)

        registry, _, _, tag, _ = util.Decompose(fq_name).all
        # Only the destination name is rewritten (tag appended, digest
        # separator turned into ":"); the pull source below stays fq_name.
        destination = "docker-daemon:{}".format(fq_name)
        if not destination.endswith(tag):
            destination = "{}:{}".format(destination, tag)
        destination = destination.replace("@sha256:", ":")

        # NOTE(review): src_creds presumably carries registry credentials --
        # confirm skopeo_copy keeps them out of debug output and logs.
        src_creds = kwargs.get('src_creds')
        # NOTE(review): the registry is matched here without any port
        # stripping -- confirm the RegistryConfig entries use the same form.
        insecure = bool(util.is_insecure_registry(self.d.info()['RegistryConfig'], registry))
        trust = Trust()
        trust.discover_sigstore(fq_name)
        util.write_out("Pulling {} ...".format(fq_name))
        util.skopeo_copy("docker://{}".format(fq_name),
                         destination,
                         debug=debug,
                         insecure=insecure,
                         policy_filename=trust.policy_filename,
                         src_creds=src_creds)
        return 0
Exemple #7
    def pull_image(self, image, remote_image_obj, **kwargs):
        """
        Copy an image from a registry into containers-storage with skopeo.

        :param image: image reference; the tag taken from the remote name is
            appended when missing and ``@sha256:`` is rewritten to ``:``.
        :param remote_image_obj: object whose ``fq_name`` is the fully
            qualified remote name.
        :param kwargs: only ``debug`` (default False) is read here.
        :return: 0
        """
        debug = kwargs.get('debug', False)
        fq_name = remote_image_obj.fq_name
        registry, _, _, tag, _ = util.Decompose(fq_name).all
        if not image.endswith(tag):
            image = "{}:{}".format(image, tag)
        # NOTE(review): the rewritten string is used for the pull source as
        # well as the destination, so a reference written name@sha256:<digest>
        # is requested as name:<digest> rather than by digest -- confirm that
        # dropping the digest form on the source side is intended.
        image = image.replace("@sha256:", ":")

        # The registry is marked insecure only when the loaded registries
        # configuration lists it (exact match, port not stripped).
        registries_config = util.load_registries_from_yaml()
        insecure = ("insecure_registries" in registries_config
                    and registry in registries_config['insecure_registries'])

        source = "docker://{}".format(image)
        dest = "containers-storage:{}".format(image)
        trust = Trust()
        trust.discover_sigstore(fq_name)
        util.write_out("Pulling {} ...".format(fq_name))
        util.skopeo_copy(source, dest, debug=debug, insecure=insecure,
                         policy_filename=trust.policy_filename)
        return 0
Exemple #8
 def test_add_repo_sigstore(self):
     """After modify_registry_config(), the docker.io/repo registries.d file matches the expected fixture."""
     expected_path = os.path.join(FIXTURE_DIR, "configs/docker.io-repo.yaml")
     modified_path = os.path.join(FIXTURE_DIR, "etc/containers/registries.d/docker.io-repo.yaml")
     testobj = Trust(policy_filename=TEST_POLICY)
     testobj.atomic_config = util.get_atomic_config(atomic_config=os.path.join(FIXTURE_DIR, "atomic.conf"))
     testobj.modify_registry_config("docker.io/repo", "docker", "https://sigstore.acme.com/sigs")
     # NOTE(review): yaml.load() without an explicit Loader can construct
     # arbitrary Python objects from tagged input and is rejected by newer
     # PyYAML releases; yaml.safe_load() is the usual replacement for plain
     # configuration like this -- confirm the fixtures carry no
     # python-specific tags before switching.
     with open(expected_path, "r") as expected_file:
         conf_expected = yaml.load(expected_file)
     with open(modified_path, "r") as modified_file:
         conf_modified = yaml.load(modified_file)
     self.assertEqual(conf_expected, conf_modified)
Exemple #9
 def test_setup_default_policy(self):
     """check_policy() on the default policy fixture yields the expected policy dict."""
     args = self.Args()
     args.sigstoretype = "web"
     testobj = Trust()
     testobj.set_args(args)
     with open(os.path.join(FIXTURE_DIR, "default_policy.json"), "r") as policy_file:
         loaded_policy = json.load(policy_file)
     checked_policy = testobj.check_policy(loaded_policy, "docker")
     # The pinned default requirement is insecureAcceptAnything, i.e. a
     # policy that accepts images without signature verification.
     policy_expected = {
         "default": [{"type": "insecureAcceptAnything"}],
         "transports": {"docker": {}},
     }
     self.assertEqual(checked_policy, policy_expected)
Exemple #10
 def TrustAdd(self, registry, trusttype, pubkeys, keytype, sigstore, sigstoretype):
     """
     Run ``Trust.add()`` with the given values copied onto an argument object.

     :param registry: stored as ``registry``.
     :param trusttype: stored as ``trust_type``.
     :param pubkeys: stored as ``pubkeys``.
     :param keytype: stored as ``keytype``.
     :param sigstore: stored as ``sigstore``.
     :param sigstoretype: stored as ``sigstoretype``.
     :return: None
     """
     # NOTE(review): no validation of these values and no caller
     # authorization is visible in this method -- confirm the calling layer
     # enforces both before trust settings are added.
     trust = Trust()
     add_args = self.Args()
     assignments = (
         ("registry", registry),
         ("pubkeys", pubkeys),
         ("keytype", keytype),
         ("trust_type", trusttype),
         ("sigstoretype", sigstoretype),
         ("sigstore", sigstore),
     )
     for attr, value in assignments:
         setattr(add_args, attr, value)
     trust.set_args(add_args)
     trust.add()
Exemple #11
 def test_update_registry_sigstore(self):
     """After modify_registry_config(), the docker.io registries.d file matches the updated fixture."""
     expected_path = os.path.join(FIXTURE_DIR, "configs/docker.io.updated.yaml")
     modified_path = os.path.join(FIXTURE_DIR, "etc/containers/registries.d/docker.io.yaml")
     testobj = Trust(policy_filename=TEST_POLICY)
     testobj.atomic_config = util.get_atomic_config(atomic_config=os.path.join(FIXTURE_DIR, "atomic.conf"))
     testobj.modify_registry_config("docker.io", "docker", "https://sigstore.example.com/update")
     # NOTE(review): yaml.load() without an explicit Loader can construct
     # arbitrary Python objects from tagged input and is rejected by newer
     # PyYAML releases; yaml.safe_load() is the usual replacement for plain
     # configuration like this -- confirm the fixtures carry no
     # python-specific tags before switching.
     with open(expected_path, 'r') as expected_file:
         conf_expected = yaml.load(expected_file)
     with open(modified_path, 'r') as modified_file:
         conf_modified = yaml.load(modified_file)
     self.assertEqual(conf_expected, conf_modified)
Exemple #12
 def test_setup_default_policy(self):
     """check_policy() on the default policy fixture yields the expected policy dict."""
     args = self.Args()
     args.sigstoretype = "web"
     testobj = Trust()
     testobj.set_args(args)
     fixture_path = os.path.join(FIXTURE_DIR, "default_policy.json")
     with open(fixture_path, 'r') as policy_file:
         loaded_policy = json.load(policy_file)
     checked_policy = testobj.check_policy(loaded_policy, "docker")
     # The pinned default requirement is insecureAcceptAnything, i.e. a
     # policy that accepts images without signature verification.
     policy_expected = {"default": [{"type": "insecureAcceptAnything"}],
                        "transports": {"docker": {}}}
     self.assertEqual(checked_policy, policy_expected)
Exemple #13
    def pull_image(self, image, pull_args):
        """
        Copy *image* from its registry into the docker daemon with skopeo.

        :param image: image name; used to build the remote image object and
            the ``docker-daemon:`` destination.
        :param pull_args: argument object; ``debug`` and ``policy_filename``
            are read from it and it is passed to ``Trust.set_args``.
        :return: None
        """
        # Kept from the original as a plan, not active code: once the atomic
        # registry is incorporated, the pull URI should be 'atomic:' when
        # self.args.reg_type == "atomic" and 'docker://' otherwise.
        remote = self._make_remote_image(image)
        fq_name = remote.fq_name
        # NOTE(review): presumably insecure=True relaxes transport security
        # inside skopeo_copy -- confirm what it disables for listed registries.
        insecure = bool(util.is_insecure_registry(self.d.info()['RegistryConfig'],
                                                  util.strip_port(remote.registry)))

        # This needs to be re-enabled with Aaron's help
        trust = Trust()
        trust.set_args(pull_args)
        trust.discover_sigstore(fq_name)

        util.write_out("Pulling {} ...".format(fq_name))
        # NOTE(review): the policy file handed to skopeo comes from pull_args,
        # not from the Trust object built above -- confirm a caller cannot
        # point it at a more permissive policy.
        source = "docker://{}".format(fq_name)
        destination = "docker-daemon:{}".format(image)
        util.skopeo_copy(source, destination,
                         debug=pull_args.debug, insecure=insecure,
                         policy_filename=pull_args.policy_filename)
Exemple #14
 def TrustDelete(self, registry, sigstoretype):
     """
     Run ``Trust.delete()`` for the given registry and sigstore type.

     :param registry: stored on the argument object as ``registry``.
     :param sigstoretype: stored on the argument object as ``sigstoretype``.
     :return: None
     """
     # NOTE(review): no validation of ``registry`` and no caller
     # authorization is visible in this method -- confirm the calling layer
     # enforces both before trust settings are deleted.
     trust = Trust()
     delete_args = self.Args()
     for attr, value in (("sigstoretype", sigstoretype), ("registry", registry)):
         setattr(delete_args, attr, value)
     trust.set_args(delete_args)
     trust.delete()
Exemple #15
 def test_trust_gpg_email_id(self):
     """get_gpg_id() on the fixture policy and config returns the expected id."""
     policy_path = os.path.join(FIXTURE_DIR, "show_policy.json")
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     args = self.Args()
     testobj = Trust(policy_filename=policy_path)
     testobj.atomic_config = util.get_atomic_config(atomic_config=config_path)
     testobj.set_args(args)
     gpg_id = testobj.get_gpg_id(args.pubkeys)
     # NOTE(review): the expected address looks masked by e-mail obfuscation
     # in this listing -- check it against the real fixture value.
     self.assertEqual("*****@*****.**", gpg_id)
Exemple #16
 def test_add_trust_keys(self):
     """After add(), the policy file's first atomic/docker.io entry has key1.pub as keyPath."""
     args = self.Args()
     args.sigstore = None
     testobj = Trust(policy_filename=TEST_POLICY)
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     testobj.atomic_config = util.get_atomic_config(atomic_config=config_path)
     testobj.set_args(args)
     testobj.add()
     with open(testobj.policy_filename, 'r') as policy_file:
         policy = json.load(policy_file)
         first_entry = policy["transports"]["atomic"]["docker.io"][0]
         expected_key = os.path.join(FIXTURE_DIR, "key1.pub")
         self.assertEqual(first_entry["keyPath"], expected_key)
Exemple #17
 def test_trust_show(self):
     """show() prints exactly the contents of the show_policy.output fixture."""
     policy_path = os.path.join(FIXTURE_DIR, "show_policy.json")
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     args = self.Args()
     testobj = Trust(policy_filename=policy_path)
     testobj.atomic_config = util.get_atomic_config(atomic_config=config_path)
     testobj.set_args(args)
     # Capture what show() writes so it can be compared with the fixture.
     with self.captured_output() as (captured, _):
         testobj.show()
     with open(os.path.join(FIXTURE_DIR, "show_policy.output"), 'r') as expected_file:
         expected = expected_file.read()
     self.assertEqual(expected, captured.getvalue())
Exemple #18
 def test_delete_trust(self):
     """After delete(), the registry no longer appears under the docker transport in the policy file."""
     args = self.Args()
     # pubkeys is assigned twice in the original; the None below is the
     # value in effect when set_args() is called.
     args.pubkeys = []
     args.sigstoretype = "web"
     args.registry = "registry.example.com/foo"
     args.pubkeys = None
     testobj = Trust(policy_filename=TEST_POLICY)
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     testobj.atomic_config = util.get_atomic_config(atomic_config=config_path)
     testobj.set_args(args)
     testobj.delete()
     with open(testobj.policy_filename, 'r') as policy_file:
         policy = json.load(policy_file)
         docker_scopes = policy["transports"]["docker"]
         self.assertNotIn(args.registry, docker_scopes)
Exemple #19
 def test_trust_show(self):
     """show() prints exactly the contents of the show_policy.output fixture."""
     policy_path = os.path.join(FIXTURE_DIR, "show_policy.json")
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     args = self.Args()
     testobj = Trust(policy_filename=policy_path)
     testobj.atomic_config = util.get_atomic_config(atomic_config=config_path)
     testobj.set_args(args)
     # Capture what show() writes so it can be compared with the fixture.
     with self.captured_output() as (captured, _):
         testobj.show()
     with open(os.path.join(FIXTURE_DIR, "show_policy.output"), "r") as expected_file:
         expected = expected_file.read()
     self.assertEqual(expected, captured.getvalue())
Exemple #20
 def test_add_trust_keys(self):
     """After add(), the policy file's first atomic/docker.io entry has key1.pub as keyPath."""
     args = self.Args()
     args.sigstore = None
     testobj = Trust(policy_filename=TEST_POLICY)
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     testobj.atomic_config = util.get_atomic_config(atomic_config=config_path)
     testobj.set_args(args)
     testobj.add()
     with open(testobj.policy_filename, 'r') as policy_file:
         policy = json.load(policy_file)
         first_entry = policy["transports"]["atomic"]["docker.io"][0]
         expected_key = os.path.join(FIXTURE_DIR, "key1.pub")
         self.assertEqual(first_entry["keyPath"], expected_key)
Exemple #21
 def TrustAdd(self, registry, trusttype, pubkeys, keytype, sigstore, sigstoretype):
     """
     Run ``Trust.add()`` with the given values copied onto an argument object.

     :param registry: stored as ``registry``.
     :param trusttype: stored as ``trust_type``.
     :param pubkeys: stored as ``pubkeys``.
     :param keytype: stored as ``keytype``.
     :param sigstore: stored as ``sigstore``.
     :param sigstoretype: stored as ``sigstoretype``.
     :return: None
     """
     # NOTE(review): no validation of these values and no caller
     # authorization is visible in this method -- confirm the calling layer
     # enforces both before trust settings are added.
     trust = Trust()
     add_args = self.Args()
     assignments = (
         ("registry", registry),
         ("pubkeys", pubkeys),
         ("keytype", keytype),
         ("trust_type", trusttype),
         ("sigstoretype", sigstoretype),
         ("sigstore", sigstore),
     )
     for attr, value in assignments:
         setattr(add_args, attr, value)
     trust.set_args(add_args)
     trust.add()
Exemple #22
 def test_add_reject_type(self):
     """After add() with trust_type "reject", the registry's first docker policy entry has that type."""
     args = self.Args()
     args.trust_type = "reject"
     args.sigstoretype = "web"
     args.pubkeys = []
     args.registry = "registry.example.com/foo"
     testobj = Trust(policy_filename=TEST_POLICY)
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     testobj.atomic_config = util.get_atomic_config(atomic_config=config_path)
     testobj.set_args(args)
     testobj.add()
     with open(testobj.policy_filename, 'r') as policy_file:
         policy = json.load(policy_file)
         first_entry = policy["transports"]["docker"][args.registry][0]
         self.assertEqual(first_entry["type"], args.trust_type)
Exemple #23
 def test_add_reject_type(self):
     """After add() with trust_type "reject", the registry's first docker policy entry has that type."""
     args = self.Args()
     args.trust_type = "reject"
     args.sigstoretype = "web"
     args.pubkeys = []
     args.registry = "registry.example.com/foo"
     testobj = Trust(policy_filename=TEST_POLICY)
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     testobj.atomic_config = util.get_atomic_config(atomic_config=config_path)
     testobj.set_args(args)
     testobj.add()
     with open(testobj.policy_filename, "r") as policy_file:
         policy = json.load(policy_file)
         first_entry = policy["transports"]["docker"][args.registry][0]
         self.assertEqual(first_entry["type"], args.trust_type)
Exemple #24
 def test_delete_trust(self):
     """After delete(), the registry no longer appears under the docker transport in the policy file."""
     args = self.Args()
     # pubkeys is assigned twice in the original; the None below is the
     # value in effect when set_args() is called.
     args.pubkeys = []
     args.sigstoretype = "web"
     args.registry = "registry.example.com/foo"
     args.pubkeys = None
     testobj = Trust(policy_filename=TEST_POLICY)
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     testobj.atomic_config = util.get_atomic_config(atomic_config=config_path)
     testobj.set_args(args)
     testobj.delete()
     with open(testobj.policy_filename, "r") as policy_file:
         policy = json.load(policy_file)
         docker_scopes = policy["transports"]["docker"]
         self.assertNotIn(args.registry, docker_scopes)
Exemple #25
    def pull_image(self, image, pull_args):
        """
        Copy *image* from its registry into the docker daemon with skopeo.

        :param image: image name; used to build the remote image object and
            the ``docker-daemon:`` destination.
        :param pull_args: argument object; ``debug`` and ``policy_filename``
            are read from it and it is passed to ``Trust.set_args``.
        :return: None
        """
        # Kept from the original as a plan, not active code: once the atomic
        # registry is incorporated, the pull URI should be 'atomic:' when
        # self.args.reg_type == "atomic" and 'docker://' otherwise.
        remote = self._make_remote_image(image)
        fq_name = remote.fq_name
        # NOTE(review): presumably insecure=True relaxes transport security
        # inside skopeo_copy -- confirm what it disables for listed registries.
        insecure = bool(util.is_insecure_registry(self.d.info()['RegistryConfig'],
                                                  util.strip_port(remote.registry)))

        # This needs to be re-enabled with Aaron's help
        trust = Trust()
        trust.set_args(pull_args)
        trust.discover_sigstore(fq_name)

        util.write_out("Pulling {} ...".format(fq_name))
        # NOTE(review): the policy file handed to skopeo comes from pull_args,
        # not from the Trust object built above -- confirm a caller cannot
        # point it at a more permissive policy.
        source = "docker://{}".format(fq_name)
        destination = "docker-daemon:{}".format(image)
        util.skopeo_copy(source, destination,
                         debug=pull_args.debug, insecure=insecure,
                         policy_filename=pull_args.policy_filename)
Exemple #26
 def test_sigstoretype_map_web(self):
     """get_sigstore_type_map("web") returns "docker"."""
     mapped = Trust().get_sigstore_type_map("web")
     self.assertEqual(mapped, "docker")
Exemple #27
 def test_sigstoretype_map_local(self):
     """get_sigstore_type_map("local") returns "dir"."""
     mapped = Trust().get_sigstore_type_map("local")
     self.assertEqual(mapped, "dir")
Exemple #28
 def test_sigstoretype_map_local(self):
     """get_sigstore_type_map("local") returns "dir"."""
     mapped = Trust().get_sigstore_type_map("local")
     self.assertEqual(mapped, "dir")
Exemple #29
 def test_sigstoretype_map_web(self):
     """get_sigstore_type_map("web") returns "docker"."""
     mapped = Trust().get_sigstore_type_map("web")
     self.assertEqual(mapped, "docker")
Exemple #30
 def TrustShow(self):
     """
     Return the output of ``Trust.show_json()`` serialized as a JSON string.

     :return: JSON text produced by ``json.dumps``.
     """
     trust = Trust()
     show_args = self.Args()
     trust.set_args(show_args)
     policy_view = trust.show_json()
     return json.dumps(policy_view)
Exemple #31
 def TrustDefaultPolicy(self, default_policy):
     """
     Run ``Trust.modify_default()`` with *default_policy* set on the arguments.

     :param default_policy: stored on the argument object as ``default_policy``.
     :return: whatever ``Trust.modify_default()`` returns.
     """
     # NOTE(review): no check of the requested value and no caller
     # authorization is visible in this method -- confirm the calling layer
     # restricts who may change the default policy.
     trust = Trust()
     policy_args = self.Args()
     setattr(policy_args, "default_policy", default_policy)
     trust.set_args(policy_args)
     result = trust.modify_default()
     return result
Exemple #32
 def TrustDefaultPolicy(self, default_policy):
     """
     Run ``Trust.modify_default()`` with *default_policy* set on the arguments.

     :param default_policy: stored on the argument object as ``default_policy``.
     :return: whatever ``Trust.modify_default()`` returns.
     """
     # NOTE(review): no check of the requested value and no caller
     # authorization is visible in this method -- confirm the calling layer
     # restricts who may change the default policy.
     trust = Trust()
     policy_args = self.Args()
     setattr(policy_args, "default_policy", default_policy)
     trust.set_args(policy_args)
     result = trust.modify_default()
     return result
Exemple #33
 def TrustShow(self):
     """
     Return the output of ``Trust.show_json()`` serialized as a JSON string.

     :return: JSON text produced by ``json.dumps``.
     """
     trust = Trust()
     show_args = self.Args()
     trust.set_args(show_args)
     policy_view = trust.show_json()
     return json.dumps(policy_view)