def test_build(self, mock_client):
     # test that self.client.build was called with proper arguments
     self.client = DockerClient()
     self.client.build('ozzy/embryo:git-f3a8020', {'POWERED_BY': 'Deis'},
                       'ozzy/embryo', 'v4')
     docker_build = self.client.client.build
     self.assertTrue(docker_build.called)
     args = {
         "rm": True,
         "tag": u'localhost:5000/ozzy/embryo:v4',
         "stream": True
     }
     kwargs = docker_build.call_args[1]
     self.assertDictContainsSubset(args, kwargs)
     # test that the fileobj arg to "docker build" contains a correct Dockerfile
     f = kwargs['fileobj']
     self.assertEqual(
         f.read(), "FROM ozzy/embryo:git-f3a8020\nENV POWERED_BY=\"Deis\"")
     # Test that blacklisted image names can't be built
     with self.assertRaises(PermissionDenied):
         self.client.build('deis/controller:v1.11.1', {}, 'deis/controller',
                           'v1.11.1')
     with self.assertRaises(PermissionDenied):
         self.client.build('localhost:5000/deis/controller:v1.11.1', {},
                           'deis/controller', 'v1.11.1')
 def test_publish_release(self, mock_client):
     self.client = DockerClient()
     self.client.publish_release('ozzy/embryo:git-f2a8020',
                                 {'POWERED_BY': 'Deis'}, 'ozzy/embryo:v4',
                                 True)
     self.assertTrue(self.client.client.pull.called)
     self.assertTrue(self.client.client.tag.called)
     self.assertTrue(self.client.client.build.called)
     self.assertTrue(self.client.client.push.called)
     # Test that a registry host prefix is replaced with deis-registry for the target
     self.client.publish_release('ozzy/embryo:git-f2a8020',
                                 {'POWERED_BY': 'Deis'},
                                 'quay.io/ozzy/embryo:v4', True)
     docker_push = self.client.client.push
     docker_push.assert_called_with('localhost:5000/ozzy/embryo',
                                    tag='v4',
                                    insecure_registry=True,
                                    stream=True)
     # Test that blacklisted image names can't be published
     with self.assertRaises(PermissionDenied):
         self.client.publish_release('deis/controller:v1.11.1', {},
                                     'deis/controller:v1.11.1', True)
     with self.assertRaises(PermissionDenied):
         self.client.publish_release(
             'localhost:5000/deis/controller:v1.11.1', {},
             'deis/controller:v1.11.1', True)
Exemple #3
0
 def test_push(self, mock_client):
     self.client = DockerClient()
     self.client.push('ozzy/embryo', 'v4')
     docker_push = self.client.client.push
     docker_push.assert_called_once_with('ozzy/embryo',
                                         tag='v4',
                                         decode=True,
                                         stream=True)
Exemple #4
0
 def test_pull(self, mock_client):
     self.client = DockerClient()
     self.client.pull('alpine', '3.2')
     docker_pull = self.client.client.pull
     docker_pull.assert_called_once_with(
         'alpine', tag='3.2', insecure_registry=True, stream=True)
     # Test that blacklisted image names can't be pulled
     with self.assertRaises(PermissionDenied):
         self.client.pull('deis/controller', 'v1.11.1')
     with self.assertRaises(PermissionDenied):
         self.client.pull('localhost:5000/deis/controller', 'v1.11.1')
Exemple #5
0
 def test_tag(self, mock_client):
     self.client = DockerClient()
     self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
     docker_tag = self.client.client.tag
     docker_tag.assert_called_once_with(
         'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)
     # Test that blacklisted image names can't be tagged
     with self.assertRaises(PermissionDenied):
         self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
     with self.assertRaises(PermissionDenied):
         self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
Exemple #6
0
    def test_publish_release(self, mock_client):
        self.client = DockerClient()

        # Make sure login is not called when there are no creds
        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False)
        self.assertFalse(self.client.client.login.called)

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client
        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False,
                        creds)
        self.assertTrue(self.client.client.login.called)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.tag.called)
        self.assertTrue(self.client.client.push.called)

        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.tag.called)
        self.assertTrue(self.client.client.push.called)

        # Test that a registry host prefix is replaced with deis-registry for the target
        publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4',
                        True)
        docker_push = self.client.client.push
        docker_push.assert_called_with('localhost:5000/ozzy/embryo',
                                       tag='v4',
                                       insecure_registry=True,
                                       decode=True,
                                       stream=True)

        # Test that blacklisted image names can't be published
        with self.assertRaises(PermissionDenied):
            publish_release('deis/controller:v1.11.1',
                            'deis/controller:v1.11.1', True)
        with self.assertRaises(PermissionDenied):
            publish_release('localhost:5000/deis/controller:v1.11.1',
                            'deis/controller:v1.11.1', True)
Exemple #7
0
 def test_pull(self, mock_client):
     self.client = DockerClient()
     self.client.pull('alpine', '3.2')
     docker_pull = self.client.client.pull
     docker_pull.assert_called_once_with('alpine', tag='3.2', decode=True, stream=True)
     # Test that blacklisted image names can't be pulled
     with self.assertRaises(PermissionDenied):
         self.client.pull('deis/controller', 'v1.11.1')
     with self.assertRaises(PermissionDenied):
         self.client.pull('localhost:5000/deis/controller', 'v1.11.1')
Exemple #8
0
 def test_tag(self, mock_client):
     self.client = DockerClient()
     self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
     docker_tag = self.client.client.tag
     docker_tag.assert_called_once_with(
         'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)
     # Test that blacklisted image names can't be tagged
     with self.assertRaises(PermissionDenied):
         self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
     with self.assertRaises(PermissionDenied):
         self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
Exemple #9
0
    def test_get_port(self, mock_client):
        self.client = DockerClient()

        # Make sure login is not called when there are no creds
        get_port('ozzy/embryo:git-f2a8020', False)
        self.assertFalse(self.client.client.login.called)

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client
        get_port('ozzy/embryo:git-f2a8020', False, creds)
        self.assertTrue(self.client.client.login.called)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.inspect_image.called)
Exemple #10
0
    def test_login_bad_creds(self, mock_client):
        self.client = DockerClient()

        # missing parts of credentials
        with self.assertRaises(PermissionDenied):
            creds = {
                'username': '******',
                'email': 'fake',
                'registry': 'quay.io'
            }
            self.client.login('quay.io/deis/foobar', creds)

        # bad credentials
        with self.assertRaises(PermissionDenied):
            creds = {
                'username': '******',
                'password': '******',
                'email': 'fake',
                'registry': 'quay.io'
            }
            self.client.login('quay.io/deis/foobar', creds)
Exemple #11
0
    def test_login_failed(self, mock_client):
        self.client = DockerClient()

        # failed login
        client = {}
        client['Status'] = 'Login Failed'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        with self.assertRaises(PermissionDenied):
            self.client.login('quay.io/deis/foobar', creds)
            docker_login = self.client.client.login
            docker_login.assert_called_with(username='******',
                                            password='******',
                                            email='fake',
                                            registry='quay.io')
Exemple #12
0
    def test_tag(self, mock_client):
        self.client = DockerClient()
        self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
        docker_tag = self.client.client.tag
        docker_tag.assert_called_once_with('ozzy/embryo:git-f2a8020',
                                           'ozzy/embryo',
                                           tag='v4',
                                           force=True)

        # fake failed tag
        self.client.client.tag.return_value = False
        with self.assertRaises(RegistryException):
            self.client.tag('foo/bar:latest', 'foo/bar', 'v1.11.1')

        # Test that blacklisted image names can't be tagged
        with self.assertRaises(PermissionDenied):
            self.client.tag('deis/controller:v1.11.1', 'deis/controller',
                            'v1.11.1')

        with self.assertRaises(PermissionDenied):
            self.client.tag('localhost:5000/deis/controller:v1.11.1',
                            'deis/controller', 'v1.11.1')
Exemple #13
0
    def test_login(self, mock_client):
        self.client = DockerClient()

        # success
        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }
        self.client.login('quay.io/deis/foobar', creds)
        docker_login = self.client.client.login
        docker_login.assert_called_with(username='******',
                                        password='******',
                                        email='fake',
                                        registry='quay.io')

        # username matches
        client = {}
        client['username'] = '******'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }
        self.client.login('quay.io/deis/foobar', creds)
        docker_login = self.client.client.login
        docker_login.assert_called_with(username='******',
                                        password='******',
                                        email='fake',
                                        registry='quay.io')
Exemple #14
0
    def test_tag(self, mock_client):
        self.client = DockerClient()
        self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
        docker_tag = self.client.client.tag
        docker_tag.assert_called_once_with(
            'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)

        # fake failed tag
        self.client.client.tag.return_value = False
        with self.assertRaises(RegistryException):
            self.client.tag('foo/bar:latest', 'foo/bar', 'v1.11.1')

        # Test that blacklisted image names can't be tagged
        with self.assertRaises(PermissionDenied):
            self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')

        with self.assertRaises(PermissionDenied):
            self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
Exemple #15
0
 def test_publish_release(self, mock_client):
     self.client = DockerClient()
     self.client.publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
     self.assertTrue(self.client.client.pull.called)
     self.assertTrue(self.client.client.tag.called)
     self.assertTrue(self.client.client.push.called)
     # Test that a registry host prefix is replaced with deis-registry for the target
     self.client.publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4', True)
     docker_push = self.client.client.push
     docker_push.assert_called_with(
         'localhost:5000/ozzy/embryo', tag='v4', insecure_registry=True, stream=True)
     # Test that blacklisted image names can't be published
     with self.assertRaises(PermissionDenied):
         self.client.publish_release(
             'deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
     with self.assertRaises(PermissionDenied):
         self.client.publish_release(
             'localhost:5000/deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
Exemple #16
0
 def test_build(self, mock_client):
     # test that self.client.build was called with proper arguments
     self.client = DockerClient()
     self.client.build('ozzy/embryo:git-f3a8020', {'POWERED_BY': 'Deis'}, 'ozzy/embryo', 'v4')
     docker_build = self.client.client.build
     self.assertTrue(docker_build.called)
     args = {"rm": True, "tag": u'localhost:5000/ozzy/embryo:v4', "stream": True}
     kwargs = docker_build.call_args[1]
     self.assertDictContainsSubset(args, kwargs)
     # test that the fileobj arg to "docker build" contains a correct Dockerfile
     f = kwargs['fileobj']
     self.assertEqual(f.read(), "FROM ozzy/embryo:git-f3a8020\nENV POWERED_BY='Deis'")
     # Test that blacklisted image names can't be built
     with self.assertRaises(PermissionDenied):
         self.client.build('deis/controller:v1.11.1', {}, 'deis/controller', 'v1.11.1')
     with self.assertRaises(PermissionDenied):
         self.client.build(
             'localhost:5000/deis/controller:v1.11.1', {}, 'deis/controller', 'v1.11.1')
Exemple #17
0
    def test_publish_release(self, mock_client):
        self.client = DockerClient()

        # Make sure login is not called when there are no creds
        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False)
        self.assertFalse(self.client.client.login.called)

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client
        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False, creds)
        self.assertTrue(self.client.client.login.called)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.tag.called)
        self.assertTrue(self.client.client.push.called)

        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.tag.called)
        self.assertTrue(self.client.client.push.called)

        # Test that a registry host prefix is replaced with deis-registry for the target
        publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4', True)
        docker_push = self.client.client.push
        docker_push.assert_called_with(
            'localhost:5000/ozzy/embryo', tag='v4', insecure_registry=True,
            decode=True, stream=True)

        # Test that blacklisted image names can't be published
        with self.assertRaises(PermissionDenied):
            publish_release(
                'deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
        with self.assertRaises(PermissionDenied):
            publish_release(
                'localhost:5000/deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
Exemple #18
0
    def test_login_bad_creds(self, mock_client):
        self.client = DockerClient()

        # missing parts of credentials
        with self.assertRaises(PermissionDenied):
            creds = {
                'username': '******',
                'email': 'fake',
                'registry': 'quay.io'
            }
            self.client.login('quay.io/deis/foobar', creds)

        # bad credentials
        with self.assertRaises(PermissionDenied):
            creds = {
                'username': '******',
                'password': '******',
                'email': 'fake',
                'registry': 'quay.io'
            }
            self.client.login('quay.io/deis/foobar', creds)
Exemple #19
0
    def test_get_port(self, mock_client):
        self.client = DockerClient()

        # Make sure login is not called when there are no creds
        get_port('ozzy/embryo:git-f2a8020', False)
        self.assertFalse(self.client.client.login.called)

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client
        get_port('ozzy/embryo:git-f2a8020', False, creds)
        self.assertTrue(self.client.client.login.called)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.inspect_image.called)
Exemple #20
0
    def test_login_failed(self, mock_client):
        self.client = DockerClient()

        # failed login
        client = {}
        client['Status'] = 'Login Failed'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        with self.assertRaises(PermissionDenied):
            self.client.login('quay.io/deis/foobar', creds)
            docker_login = self.client.client.login
            docker_login.assert_called_with(
                username='******', password='******',
                email='fake', registry='quay.io'
            )
Exemple #21
0
    def test_login(self, mock_client):
        self.client = DockerClient()

        # success
        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }
        self.client.login('quay.io/deis/foobar', creds)
        docker_login = self.client.client.login
        docker_login.assert_called_with(
            username='******', password='******',
            email='fake', registry='quay.io'
        )

        # username matches
        client = {}
        client['username'] = '******'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }
        self.client.login('quay.io/deis/foobar', creds)
        docker_login = self.client.client.login
        docker_login.assert_called_with(
            username='******', password='******',
            email='fake', registry='quay.io'
        )
Exemple #22
0
class DockerClientTest(unittest.TestCase):
    """Test that the client makes appropriate Docker engine API calls."""
    def setUp(self):
        settings.REGISTRY_HOST, settings.REGISTRY_PORT = 'localhost', 5000

    def test_get_port(self, mock_client):
        self.client = DockerClient()

        # Make sure login is not called when there are no creds
        get_port('ozzy/embryo:git-f2a8020', False)
        self.assertFalse(self.client.client.login.called)

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client
        get_port('ozzy/embryo:git-f2a8020', False, creds)
        self.assertTrue(self.client.client.login.called)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.inspect_image.called)

    def test_publish_release(self, mock_client):
        self.client = DockerClient()

        # Make sure login is not called when there are no creds
        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False)
        self.assertFalse(self.client.client.login.called)

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client
        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False,
                        creds)
        self.assertTrue(self.client.client.login.called)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.tag.called)
        self.assertTrue(self.client.client.push.called)

        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.tag.called)
        self.assertTrue(self.client.client.push.called)

        # Test that a registry host prefix is replaced with deis-registry for the target
        publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4',
                        True)
        docker_push = self.client.client.push
        docker_push.assert_called_with('localhost:5000/ozzy/embryo',
                                       tag='v4',
                                       decode=True,
                                       stream=True)

        # Test that blacklisted image names can't be published
        with self.assertRaises(PermissionDenied):
            publish_release('deis/controller:v1.11.1',
                            'deis/controller:v1.11.1', True)
        with self.assertRaises(PermissionDenied):
            publish_release('localhost:5000/deis/controller:v1.11.1',
                            'deis/controller:v1.11.1', True)

    def test_login(self, mock_client):
        self.client = DockerClient()

        # success
        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }
        self.client.login('quay.io/deis/foobar', creds)
        docker_login = self.client.client.login
        docker_login.assert_called_with(username='******',
                                        password='******',
                                        email='fake',
                                        registry='quay.io')

        # username matches
        client = {}
        client['username'] = '******'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }
        self.client.login('quay.io/deis/foobar', creds)
        docker_login = self.client.client.login
        docker_login.assert_called_with(username='******',
                                        password='******',
                                        email='fake',
                                        registry='quay.io')

    def test_login_failed(self, mock_client):
        self.client = DockerClient()

        # failed login
        client = {}
        client['Status'] = 'Login Failed'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        with self.assertRaises(PermissionDenied):
            self.client.login('quay.io/deis/foobar', creds)
            docker_login = self.client.client.login
            docker_login.assert_called_with(username='******',
                                            password='******',
                                            email='fake',
                                            registry='quay.io')

    def test_login_bad_creds(self, mock_client):
        self.client = DockerClient()

        # missing parts of credentials
        with self.assertRaises(PermissionDenied):
            creds = {
                'username': '******',
                'email': 'fake',
                'registry': 'quay.io'
            }
            self.client.login('quay.io/deis/foobar', creds)

        # bad credentials
        with self.assertRaises(PermissionDenied):
            creds = {
                'username': '******',
                'password': '******',
                'email': 'fake',
                'registry': 'quay.io'
            }
            self.client.login('quay.io/deis/foobar', creds)

    def test_pull(self, mock_client):
        self.client = DockerClient()
        self.client.pull('alpine', '3.2')
        docker_pull = self.client.client.pull
        docker_pull.assert_called_once_with('alpine',
                                            tag='3.2',
                                            decode=True,
                                            stream=True)
        # Test that blacklisted image names can't be pulled
        with self.assertRaises(PermissionDenied):
            self.client.pull('deis/controller', 'v1.11.1')
        with self.assertRaises(PermissionDenied):
            self.client.pull('localhost:5000/deis/controller', 'v1.11.1')

    def test_push(self, mock_client):
        self.client = DockerClient()
        self.client.push('ozzy/embryo', 'v4')
        docker_push = self.client.client.push
        docker_push.assert_called_once_with('ozzy/embryo',
                                            tag='v4',
                                            decode=True,
                                            stream=True)

    def test_tag(self, mock_client):
        self.client = DockerClient()
        self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
        docker_tag = self.client.client.tag
        docker_tag.assert_called_once_with('ozzy/embryo:git-f2a8020',
                                           'ozzy/embryo',
                                           tag='v4',
                                           force=True)

        # fake failed tag
        self.client.client.tag.return_value = False
        with self.assertRaises(RegistryException):
            self.client.tag('foo/bar:latest', 'foo/bar', 'v1.11.1')

        # Test that blacklisted image names can't be tagged
        with self.assertRaises(PermissionDenied):
            self.client.tag('deis/controller:v1.11.1', 'deis/controller',
                            'v1.11.1')

        with self.assertRaises(PermissionDenied):
            self.client.tag('localhost:5000/deis/controller:v1.11.1',
                            'deis/controller', 'v1.11.1')
Exemple #23
0
 def test_push(self, mock_client):
     self.client = DockerClient()
     self.client.push('ozzy/embryo', 'v4')
     docker_push = self.client.client.push
     docker_push.assert_called_once_with(
         'ozzy/embryo', tag='v4', insecure_registry=True, stream=True)
Exemple #24
0
class DockerClientTest(unittest.TestCase):
    """Test that the client makes appropriate Docker engine API calls."""

    def setUp(self):
        settings.REGISTRY_HOST, settings.REGISTRY_PORT = 'localhost', 5000

    def test_publish_release(self, mock_client):
        self.client = DockerClient()
        self.client.publish_release('ozzy/embryo:git-f2a8020',
                                    {'POWERED_BY': 'Deis'}, 'ozzy/embryo:v4', True)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.tag.called)
        self.assertTrue(self.client.client.build.called)
        self.assertTrue(self.client.client.push.called)
        # Test that a registry host prefix is replaced with deis-registry for the target
        self.client.publish_release('ozzy/embryo:git-f2a8020',
                                    {'POWERED_BY': 'Deis'}, 'quay.io/ozzy/embryo:v4', True)
        docker_push = self.client.client.push
        docker_push.assert_called_with(
            'localhost:5000/ozzy/embryo', tag='v4', insecure_registry=True, stream=True)
        # Test that blacklisted image names can't be published
        with self.assertRaises(PermissionDenied):
            self.client.publish_release(
                'deis/controller:v1.11.1', {}, 'deis/controller:v1.11.1', True)
        with self.assertRaises(PermissionDenied):
            self.client.publish_release(
                'localhost:5000/deis/controller:v1.11.1', {}, 'deis/controller:v1.11.1', True)

    def test_build(self, mock_client):
        # test that self.client.build was called with proper arguments
        self.client = DockerClient()
        self.client.build('ozzy/embryo:git-f3a8020', {'POWERED_BY': 'Deis'}, 'ozzy/embryo', 'v4')
        docker_build = self.client.client.build
        self.assertTrue(docker_build.called)
        args = {"rm": True, "tag": u'localhost:5000/ozzy/embryo:v4', "stream": True}
        kwargs = docker_build.call_args[1]
        self.assertDictContainsSubset(args, kwargs)
        # test that the fileobj arg to "docker build" contains a correct Dockerfile
        f = kwargs['fileobj']
        self.assertEqual(f.read(), "FROM ozzy/embryo:git-f3a8020\nENV POWERED_BY='Deis'")
        # Test that blacklisted image names can't be built
        with self.assertRaises(PermissionDenied):
            self.client.build('deis/controller:v1.11.1', {}, 'deis/controller', 'v1.11.1')
        with self.assertRaises(PermissionDenied):
            self.client.build(
                'localhost:5000/deis/controller:v1.11.1', {}, 'deis/controller', 'v1.11.1')

    def test_pull(self, mock_client):
        self.client = DockerClient()
        self.client.pull('alpine', '3.2')
        docker_pull = self.client.client.pull
        docker_pull.assert_called_once_with(
            'alpine', tag='3.2', insecure_registry=True, stream=True)
        # Test that blacklisted image names can't be pulled
        with self.assertRaises(PermissionDenied):
            self.client.pull('deis/controller', 'v1.11.1')
        with self.assertRaises(PermissionDenied):
            self.client.pull('localhost:5000/deis/controller', 'v1.11.1')

    def test_push(self, mock_client):
        self.client = DockerClient()
        self.client.push('ozzy/embryo', 'v4')
        docker_push = self.client.client.push
        docker_push.assert_called_once_with(
            'ozzy/embryo', tag='v4', insecure_registry=True, stream=True)

    def test_tag(self, mock_client):
        self.client = DockerClient()
        self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
        docker_tag = self.client.client.tag
        docker_tag.assert_called_once_with(
            'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)
        # Test that blacklisted image names can't be tagged
        with self.assertRaises(PermissionDenied):
            self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
        with self.assertRaises(PermissionDenied):
            self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')

    def test_strip_prefix(self, mock_client):
        self.assertEqual(strip_prefix('quay.io/boris/riotsugar'), 'boris/riotsugar')
        self.assertEqual(strip_prefix('127.0.0.1:5000/boris/galaxians'), 'boris/galaxians')
        self.assertEqual(strip_prefix('boris/jacksonhead'), 'boris/jacksonhead')
        self.assertEqual(strip_prefix(':8888/boris/pink'), 'boris/pink')
Exemple #25
0
class DockerClientTest(unittest.TestCase):
    """Test that the client makes appropriate Docker engine API calls."""

    def setUp(self):
        settings.REGISTRY_HOST, settings.REGISTRY_PORT = 'localhost', 5000

    def test_publish_release(self, mock_client):
        self.client = DockerClient()
        self.client.publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.tag.called)
        self.assertTrue(self.client.client.push.called)
        # Test that a registry host prefix is replaced with deis-registry for the target
        self.client.publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4', True)
        docker_push = self.client.client.push
        docker_push.assert_called_with(
            'localhost:5000/ozzy/embryo', tag='v4', insecure_registry=True, stream=True)
        # Test that blacklisted image names can't be published
        with self.assertRaises(PermissionDenied):
            self.client.publish_release(
                'deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
        with self.assertRaises(PermissionDenied):
            self.client.publish_release(
                'localhost:5000/deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)

    def test_pull(self, mock_client):
        self.client = DockerClient()
        self.client.pull('alpine', '3.2')
        docker_pull = self.client.client.pull
        docker_pull.assert_called_once_with(
            'alpine', tag='3.2', insecure_registry=True, stream=True)
        # Test that blacklisted image names can't be pulled
        with self.assertRaises(PermissionDenied):
            self.client.pull('deis/controller', 'v1.11.1')
        with self.assertRaises(PermissionDenied):
            self.client.pull('localhost:5000/deis/controller', 'v1.11.1')

    def test_push(self, mock_client):
        self.client = DockerClient()
        self.client.push('ozzy/embryo', 'v4')
        docker_push = self.client.client.push
        docker_push.assert_called_once_with(
            'ozzy/embryo', tag='v4', insecure_registry=True, stream=True)

    def test_tag(self, mock_client):
        self.client = DockerClient()
        self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
        docker_tag = self.client.client.tag
        docker_tag.assert_called_once_with(
            'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)
        # Test that blacklisted image names can't be tagged
        with self.assertRaises(PermissionDenied):
            self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
        with self.assertRaises(PermissionDenied):
            self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')

    def test_strip_prefix(self, mock_client):
        self.assertEqual(strip_prefix('quay.io/boris/riotsugar'), 'boris/riotsugar')
        self.assertEqual(strip_prefix('127.0.0.1:5000/boris/galaxians'), 'boris/galaxians')
        self.assertEqual(strip_prefix('boris/jacksonhead'), 'boris/jacksonhead')
        self.assertEqual(strip_prefix(':8888/boris/pink'), 'boris/pink')
Exemple #26
0
    from .local_settings import *  # noqa
except ImportError:
    pass

# have confd_settings within container execution override all others
# including local_settings (which may end up in the container)
if os.path.exists('/templates/confd_settings.py'):
    sys.path.append('/templates')
    from confd_settings import *  # noqa

# Disable swap when mem limits are set, unless Docker is too old
DISABLE_SWAP = '--memory-swap=-1'
try:
    version = 'unknown'
    from registry.dockerclient import DockerClient
    version = DockerClient().client.version().get('Version')
    if not semver.validate(
            version) or semver.Version(version) < semver.Version('1.5.0'):
        DISABLE_SWAP = ''
except:
    print("Not disabling --memory-swap for Docker version {}".format(version))

# LDAP Backend Configuration
# Should be always after the confd_settings import.
LDAP_USER_SEARCH = LDAPSearch(base_dn=USER_BASEDN,
                              scope=ldap.SCOPE_SUBTREE,
                              filterstr="(%s=%%(user)s)" % USER_FILTER)
LDAP_GROUP_SEARCH = LDAPSearch(base_dn=GROUP_BASEDN,
                               scope=ldap.SCOPE_SUBTREE,
                               filterstr="(%s=%s)" %
                               (GROUP_FILTER, GROUP_TYPE))
Exemple #27
0
class DockerClientTest(unittest.TestCase):
    """Test that the client makes appropriate Docker engine API calls."""

    def setUp(self):
        settings.REGISTRY_HOST, settings.REGISTRY_PORT = 'localhost', 5000

    def test_get_port(self, mock_client):
        self.client = DockerClient()

        # Make sure login is not called when there are no creds
        get_port('ozzy/embryo:git-f2a8020', False)
        self.assertFalse(self.client.client.login.called)

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client
        get_port('ozzy/embryo:git-f2a8020', False, creds)
        self.assertTrue(self.client.client.login.called)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.inspect_image.called)

    def test_publish_release(self, mock_client):
        self.client = DockerClient()

        # Make sure login is not called when there are no creds
        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False)
        self.assertFalse(self.client.client.login.called)

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client
        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False, creds)
        self.assertTrue(self.client.client.login.called)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.tag.called)
        self.assertTrue(self.client.client.push.called)

        publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
        self.assertTrue(self.client.client.pull.called)
        self.assertTrue(self.client.client.tag.called)
        self.assertTrue(self.client.client.push.called)

        # Test that a registry host prefix is replaced with deis-registry for the target
        publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4', True)
        docker_push = self.client.client.push
        docker_push.assert_called_with(
            'localhost:5000/ozzy/embryo', tag='v4', insecure_registry=True,
            decode=True, stream=True)

        # Test that blacklisted image names can't be published
        with self.assertRaises(PermissionDenied):
            publish_release(
                'deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
        with self.assertRaises(PermissionDenied):
            publish_release(
                'localhost:5000/deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)

    def test_login(self, mock_client):
        self.client = DockerClient()

        # success
        client = {}
        client['Status'] = 'Login Succeeded'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }
        self.client.login('quay.io/deis/foobar', creds)
        docker_login = self.client.client.login
        docker_login.assert_called_with(
            username='******', password='******',
            email='fake', registry='quay.io'
        )

        # username matches
        client = {}
        client['username'] = '******'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }
        self.client.login('quay.io/deis/foobar', creds)
        docker_login = self.client.client.login
        docker_login.assert_called_with(
            username='******', password='******',
            email='fake', registry='quay.io'
        )

    def test_login_failed(self, mock_client):
        self.client = DockerClient()

        # failed login
        client = {}
        client['Status'] = 'Login Failed'
        self.client.client.login.return_value = client

        creds = {
            'username': '******',
            'password': '******',
            'email': 'fake',
            'registry': 'quay.io'
        }

        with self.assertRaises(PermissionDenied):
            self.client.login('quay.io/deis/foobar', creds)
            docker_login = self.client.client.login
            docker_login.assert_called_with(
                username='******', password='******',
                email='fake', registry='quay.io'
            )

    def test_login_bad_creds(self, mock_client):
        self.client = DockerClient()

        # missing parts of credentials
        with self.assertRaises(PermissionDenied):
            creds = {
                'username': '******',
                'email': 'fake',
                'registry': 'quay.io'
            }
            self.client.login('quay.io/deis/foobar', creds)

        # bad credentials
        with self.assertRaises(PermissionDenied):
            creds = {
                'username': '******',
                'password': '******',
                'email': 'fake',
                'registry': 'quay.io'
            }
            self.client.login('quay.io/deis/foobar', creds)

    def test_pull(self, mock_client):
        self.client = DockerClient()
        self.client.pull('alpine', '3.2')
        docker_pull = self.client.client.pull
        docker_pull.assert_called_once_with(
            'alpine', tag='3.2', insecure_registry=True, decode=True, stream=True)
        # Test that blacklisted image names can't be pulled
        with self.assertRaises(PermissionDenied):
            self.client.pull('deis/controller', 'v1.11.1')
        with self.assertRaises(PermissionDenied):
            self.client.pull('localhost:5000/deis/controller', 'v1.11.1')

    def test_push(self, mock_client):
        self.client = DockerClient()
        self.client.push('ozzy/embryo', 'v4')
        docker_push = self.client.client.push
        docker_push.assert_called_once_with(
            'ozzy/embryo', tag='v4', insecure_registry=True, decode=True, stream=True)

    def test_tag(self, mock_client):
        self.client = DockerClient()
        self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
        docker_tag = self.client.client.tag
        docker_tag.assert_called_once_with(
            'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)

        # fake failed tag
        self.client.client.tag.return_value = False
        with self.assertRaises(RegistryException):
            self.client.tag('foo/bar:latest', 'foo/bar', 'v1.11.1')

        # Test that blacklisted image names can't be tagged
        with self.assertRaises(PermissionDenied):
            self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')

        with self.assertRaises(PermissionDenied):
            self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')