def __init__(self, credentials_descriptor): validate(credentials_descriptor, "yac/schema/stacks/k8s/credentialer.json") self.namespace = search("namespace", credentials_descriptor,"") self.clusters = search("clusters", credentials_descriptor, ["nonprod","prod"]) # if tokens are input there should be one per cluster self.tokens = search("tokens", credentials_descriptor, []) self.secrets = Secrets(search('"Secrets"', credentials_descriptor,{})) # initialize the inputs (for driving user prompts) self.inputs = Inputs(search("Inputs", credentials_descriptor,{})) # for integration testing it is useful to write files to a # root director other than user's home self.rootdir = search("rootdir", credentials_descriptor,"")
def __init__(self, serialized_artifact): validate(serialized_artifact, "yac/schema/makers/container_image.json") self.name = search("name",serialized_artifact,"") self.description = search("description",serialized_artifact,"") self.image = search("image",serialized_artifact) # the registry where the images should be pushed # defaults to artifactory self.registry = search('registry', serialized_artifact, ARTIFACTORY_URL) # initialize the inputs (for driving user prompts) self.inputs = Inputs(search("Inputs", serialized_artifact,{})) self.secrets = Secrets(search('"Secrets"', serialized_artifact,{})) # client for most operations self.client = docker.DockerClient('tcp://%s:%s'%(BUILDER_HOST, BUILDER_PORT)) # client for "low-level" build operations (e.g. builds that send # the details on each layer built to stdout ) # TODO: figure out why auth isn't working from inside a container # with this one self.api_client = docker.APIClient('tcp://%s:%s'%(BUILDER_HOST, BUILDER_PORT))
def test_secrets(self): my_secrets = { "param-key-1": { "comment": "branch 1, child 1, entry 1", "source": "keepass", "lookup": { "path": "Branch 1/B1-C1/B1-C1-E1", "field": "password" } }, "param-key-2": { "comment": "branch 2, child 2, entry 1", "source": "keepass", "lookup": { "path": "Branch 2/B2-C2/B2-C2-E1", "field": "password" } } } secrets_vaults = [{ "type": "keepass", "name": "keepass", "configs": { "vault-path": "yac/tests/vault/vectors/test_vault.kdbx", "vault-pwd-path": TestCase.pwd_path } }] params = Params({}) vaults = SecretVaults(secrets_vaults) secrets = Secrets(my_secrets) secrets.load(params, vaults) print(secrets.get_errors()) both_loaded = (params.get("param-key-1") == 'b1-c1-e1-secret' and params.get("param-key-2") == 'b2-c2-e1-secret') self.assertTrue(both_loaded)
def __init__(self, serialized_artifact): validate(serialized_artifact, "yac/schema/makers/ami.json") self.name = search('name', serialized_artifact) self.description = search('description', serialized_artifact) # the aws profile aliasing the account to build in self.profile = search('profile', serialized_artifact) # path to the packer file self.packer_file = search('"packer-file"', serialized_artifact) # directory containing files that should be included in the build self.packable_dir = search('"packer-dir"', serialized_artifact, "") self.secrets = Secrets(search('"Secrets"', serialized_artifact, {})) # initialize the inputs (for driving user prompts) self.inputs = Inputs(search("Inputs", serialized_artifact, {}))
def test_schema_good(self): serialized_obj = { "wlwxgittest-token": { "comment": "api token for the wlwxgittest user. wrapped service alias in quotes due to jsonpath cannot do lookup for paths with a hyphen", "source": "main", "lookup": { "yac-join": [ ".", [ "wlwxgittest", "tokens", { "yac-join": [ "", ["\"", { "yac-ref": "service-alias" }, "\""] ] }, { "yac-ref": "env" } ] ] } } } # test that no schema validation errors are raised validation_success = True try: secrets = Secrets(serialized_obj) except ValidationError as e: validation_success = False print("validation failed") self.assertTrue(validation_success == True)
class NordstromK8sCredentialer(): def __init__(self, credentials_descriptor): validate(credentials_descriptor, "yac/schema/stacks/k8s/credentialer.json") self.namespace = search("namespace", credentials_descriptor,"") self.clusters = search("clusters", credentials_descriptor, ["nonprod","prod"]) # if tokens are input there should be one per cluster self.tokens = search("tokens", credentials_descriptor, []) self.secrets = Secrets(search('"Secrets"', credentials_descriptor,{})) # initialize the inputs (for driving user prompts) self.inputs = Inputs(search("Inputs", credentials_descriptor,{})) # for integration testing it is useful to write files to a # root director other than user's home self.rootdir = search("rootdir", credentials_descriptor,"") def create(self, params, vaults, overwrite_bool): self.params = params # process creds-specific inputs and load results into params self.inputs.load(self.params) # load any creds-specific secrets into params self.secrets.load(self.params,vaults) # determine if credentialer is being instantiated on a developer # desktop self.is_desktop = self.running_on_desktop() err = "" if overwrite_bool or not self.created_today(".kube/config"): # make sure certs are in place err = self.install_root_ca_certs() # install ~/.kubeloginrc.yaml file # note: file is only needed when running on a desktop if not err and self.is_desktop: self.install_kube_login() # create ~/.kube/config file if not err: self.install_kube_config(params) if not err and not self.tokens: # explain how to create tokens for the target clusters self.token_help() else: print("k8s ~/.kube/config file has fresh tokens so won't be updated ...") return err def token_help(self): for cluster in self.clusters: self.show_kubelogin_help(cluster) input("press <enter> when you've completed the kubelogin for all clusters ... >> ") def install_root_ca_certs(self): # install each cert err = self.download_cert(PROD1_CERT_URL,".kube/certs/prod1.pem") # stop after the first error if not err: err = self.download_cert(PROD2_CERT_URL,".kube/certs/prod2.pem") if not err: if self.is_desktop: err = self.download_cert(NONPROD_PRIVATE_CERT_URL,".kube/certs/nonprod.pem") else: err = self.download_cert(NONPROD_PUBLIC_CERT_URL,".kube/certs/nonprod.pem") return err def download_cert(self, url, home_rel_path): err = "" r = requests.get(url, allow_redirects=True) if r.status_code == 200: self.write_home_file(r.content.decode("utf-8"),home_rel_path) else: err = "could not download root CA cert from %s"%url return err def install_kube_config(self, params): # use .kubeconfig.yaml as a template with open(os.path.join(get_root_path(), "lib/stacks/k8s/configs/.kubeconfig.yaml"), 'r') as config_file: file_contents = config_file.read() # render mustaches in the file ... # first worry about how to render the 'token' token in the # file # use placeholder values (o.w. apply_stemplate will raise TemplateError). # the user will need to use kubelogin to overwrite stock_tokens = ["via kubelogin", "via kubelogin", "via kubelogin"] if not self.tokens: # no tokens are provided via servicefile. this is a typical pattern # for servicefiles that are meant to be run from a developer desktop. tokens = stock_tokens else: tmp_tokens = stock_tokens # make sure there is one token per cluster tmp_tokens[0:len(self.tokens)] = self.tokens # tokens were specified in the servicefile # these will typically include secrets that are referenced # via a yac-ref intrinstric, so render intrinsics in the tokens tokens = apply_intrinsics(tmp_tokens, params) # build the params for each variable in the file local_params = Params({}) # set variables for each of the cluster tokens cluster_keys = ["nonprod-token","prod1-token","prod2-token"] for i,token in enumerate(tokens): local_params.set(cluster_keys[i],token) # the namespace params supports intrinsics (so that it can be set via an input) namespace = apply_intrinsics(self.namespace, params) # set namespace variable for template rendering local_params.set("namespace", namespace) if self.is_desktop: # use the private api to avoid the limitations of the public # api endpoint, per: # * https://gitlab.nordstrom.com/k8s/platform-bootstrap/wikis/Onboard-to-AWS-Kubernetes-Clusters local_params.set("nonprod-api-url",NONPROD_PRIVATE_API) else: # pipelines must use the public to avoid v2 account peering # contraints local_params.set("nonprod-api-url",NONPROD_PUBLIC_API) # do the actual mustache rendering rendered_file_contents = apply_stemplate(file_contents,local_params) # take backup of any existing .kube/config files self.backup_existing(".kube/config") # write file self.write_home_file(rendered_file_contents,".kube/config") def install_kube_login(self): # get the contents of the .kube/config file file_contents = get_file_contents('yac/lib/stacks/k8s/configs/.kubeloginrc.yaml') # write file self.write_home_file(file_contents,".kubeloginrc.yaml") # copy the kubelogin app under the user's home dir kubelogin_dest = self.get_kubelogin_path() if os.path.exists(kubelogin_dest): # remove existing installatiaon of kubelogin os.remove(kubelogin_dest) print("installing: %s"%kubelogin_dest) shutil.copyfile('yac/lib/stacks/k8s/configs/kubelogin', kubelogin_dest) os.chmod(kubelogin_dest, stat.S_IREAD | stat.S_IEXEC ) def backup_existing(self,home_rel_path): full_home_path = get_home_path(home_rel_path) if os.path.exists(full_home_path): # rename existing file timestamp = "{:%Y-%m-%d.%H.%M.%S}".format(dt.datetime.now()) backup_filename = "%s.%s"%(full_home_path,timestamp) print("backing up existing ~/.kube/config file to: %s"%backup_filename) os.rename(full_home_path, backup_filename) def write_home_file(self, content, home_rel_path): full_home_path = get_home_path(home_rel_path) if not os.path.exists(os.path.dirname(full_home_path)): os.makedirs(os.path.dirname(full_home_path)) print("writing: %s"%(full_home_path)) open(full_home_path, 'w').write(content) def show_kubelogin_help(self, cluster): # from the kubelogin command kubelogin_path = self.get_kubelogin_path() kubelogin_cmd = "%s login %s"%(kubelogin_path,cluster) print("run the following command in a separate terminal to generate credentials for the %s cluster:"%cluster) print("$ {0}".format( kubelogin_cmd )) def created_today(self, home_rel_path): # returns true if the the file at home_rel_path was created today created_today=False full_home_path = get_home_path(home_rel_path) if os.path.exists(full_home_path): today = dt.datetime.now().date() filetime = dt.datetime.fromtimestamp(os.path.getctime(full_home_path)) if filetime.date() == today: created_today = True return created_today def running_on_desktop(self): # returns true if these credentials are being created on a developer desktop # # the distinction is important for this k8s credentialer as it determines which # k8s api endpoint to use. the private endpoint is the most fully featured (esp for # kubectl commands) but is only accessible from clients joined to the nordstrom domain. # the public endpoint works for most use cases AND is availble from build servers # running in most environments (k8s clusters, aws v2 accounts, etc). return self.params.get('desktop') def get_current_context(self): context_name = "" full_home_path = get_home_path(".kube/config", self.rootdir) if os.path.exists(full_home_path): kubernetes.config.load_kube_config() contexts, active_context = kubernetes.config.list_kube_config_contexts() if ('name' in active_context ): context_name = active_context['name'] return context_name def get_kubelogin_path(self): return get_home_path(".kube/kubelogin")
class AMI(): # for building AMIs (amazon machine images) using packer def __init__(self, serialized_artifact): validate(serialized_artifact, "yac/schema/makers/ami.json") self.name = search('name', serialized_artifact) self.description = search('description', serialized_artifact) # the aws profile aliasing the account to build in self.profile = search('profile', serialized_artifact) # path to the packer file self.packer_file = search('"packer-file"', serialized_artifact) # directory containing files that should be included in the build self.packable_dir = search('"packer-dir"', serialized_artifact, "") self.secrets = Secrets(search('"Secrets"', serialized_artifact, {})) # initialize the inputs (for driving user prompts) self.inputs = Inputs(search("Inputs", serialized_artifact, {})) def get_name(self): return self.name def get_description(self): return self.description def make(self, params, vaults, dry_run_bool=False): err = "" self.params = params # process inputs and load results into params self.inputs.load(self.params) # load secrets into parmas self.secrets.load(self.params, vaults) # if the packer dir wasn't specified, assume the same dir # that the packerfile is in self.set_packable_dir() # render variables in all files # put the rendered files in the std dump path so they # can be viewed after the yac container stops dump_path = get_dump_path(params.get("service-alias")) build_path = os.path.join(dump_path, "packer") # print(self.params) apply_templates_in_dir(self.packable_dir, self.params, build_path) # from the packer build command packer_file_name = os.path.basename(self.packer_file) packer_cmd = "packer build %s" % (packer_file_name) if dry_run_bool: print("see rendered packer files under %s" % build_path) else: # the full file path to the gitlab.json file packer_path = os.path.join(build_path, packer_file_name) # get the AMI_Name && Override Parameter with open(packer_path, 'r') as f: packer_dict = json.load(f) ami_name = jmespath.search("builders[0].ami_name", packer_dict) override_param = jmespath.search("builders[0].force_deregister", packer_dict) if (self.ami_exists(params, ami_name) and override_param is False): print( "AMI already exists and packer file includes instructions to NOT overwrite" ) else: print("build command:\n{0}".format(packer_cmd)) # get the current working dir curr_dir = os.getcwd() # cd to the tmp dir os.chdir(build_path) # the subprocess command expects the command to be split into an array # on whitespace boundaries. packer_cmd_array = packer_cmd.split(" ") try: last_line = "" process = subprocess.Popen(packer_cmd_array, stdout=subprocess.PIPE) for c_bytes in iter(lambda: process.stdout.read(1), ''): c = c_bytes.decode("utf-8") process.poll() # write this char to stdout if c: sys.stdout.write(c) # troll for ami ids in the packer output by converting individual # chars into packer output lines and using a regex to find ami ids # in each line if c != '\n': last_line = last_line + c else: # cache ami info that appear for future reference # in front end builds ami_id = self._find_ami_id(last_line) if ami_id: self.ami_id = ami_id # reset the line last_line = c else: err = process.returncode break except Exception as e: err = str(e) # cd back to the original dir os.chdir(curr_dir) return err # find ami id from a line of packer output def _find_ami_id(self, packer_output_str): ami_id = "" # use regex to look for the ami id in the packer output # second group matches any letter (case-insenstive) or int regex_result = re.search("(us-west-2: )(ami-[a-zA-Z0-9]{8,})", packer_output_str) # if it exists, second group holds the ami id if (regex_result and regex_result.group(2)): ami_id = regex_result.group(2) return ami_id def set_packable_dir(self): if not self.packable_dir: packer_file_full_path = os.path.join( self.params.get('servicefile-path'), self.packer_file) self.packable_dir = os.path.dirname(packer_file_full_path) def ami_exists(self, params, ami_name): ami_exists = False session, err = get_session(params) if not err: client = session.client('ec2') response = client.describe_images(Filters=[{ 'Name': 'name', 'Values': [ami_name] }]) else: return err if "Images" in response and len(response["Images"]) == 1: ami_exists = True return ami_exists
def __init__(self, serialized_service, service_path, alias="", params_path="", kvps=""): # first validate. this should throw an exception if # required fields aren't present validate(serialized_service, "yac/schema/service.json") self.path = service_path self.kvps_str = kvps self.params_file_path = params_path self.description = Description(search('Description', serialized_service,{}), alias) self.vaults = SecretVaults(search('"Vaults"', serialized_service,[])) # a service can references other services that it includes self.includes = search("includes", serialized_service,{}) # initialize stack params (key/value pairs and maps), including static params specified # in the serialized service, params from an external file, # params specified in a key-value pair string (kvps), self.params = Params(search('"Params"', serialized_service, {})) # initialize the dictionary that will hold all params (statics+secrets+inputs) self.all_params = {} inputs_cacher = InputsCacher(search('InputsCache', serialized_service,{})) self.inputs = Inputs(search('Inputs', serialized_service,{}), inputs_cacher) self.secrets = Secrets(search('"Secrets"', serialized_service,{})) # inialize the stack associated with this service self.stack = Stack(search('Stack', serialized_service, {})) self.tasks = Tasks(search('Tasks', serialized_service,{})) # initialize the tests associated with this service self.tests = IntegrationTests(search('"IntegrationTests"', serialized_service,{})) # initialize the artifacts associate with this service self.artifacts = Artifacts(search('Artifacts', serialized_service,[])) # initialize the credentialer associated with this service self.credentialers = Credentialers(search("Credentialers",serialized_service,[])) # initialize the pipeline associated with this service self.pipeline = Pipeline(search('Pipeline', serialized_service,{})) # load the objects from each included service self.load_includes() # save a copy of the full serialized version of the # service to support the serialize() method self.serialized_service = serialized_service
class Service(): def __init__(self, serialized_service, service_path, alias="", params_path="", kvps=""): # first validate. this should throw an exception if # required fields aren't present validate(serialized_service, "yac/schema/service.json") self.path = service_path self.kvps_str = kvps self.params_file_path = params_path self.description = Description(search('Description', serialized_service,{}), alias) self.vaults = SecretVaults(search('"Vaults"', serialized_service,[])) # a service can references other services that it includes self.includes = search("includes", serialized_service,{}) # initialize stack params (key/value pairs and maps), including static params specified # in the serialized service, params from an external file, # params specified in a key-value pair string (kvps), self.params = Params(search('"Params"', serialized_service, {})) # initialize the dictionary that will hold all params (statics+secrets+inputs) self.all_params = {} inputs_cacher = InputsCacher(search('InputsCache', serialized_service,{})) self.inputs = Inputs(search('Inputs', serialized_service,{}), inputs_cacher) self.secrets = Secrets(search('"Secrets"', serialized_service,{})) # inialize the stack associated with this service self.stack = Stack(search('Stack', serialized_service, {})) self.tasks = Tasks(search('Tasks', serialized_service,{})) # initialize the tests associated with this service self.tests = IntegrationTests(search('"IntegrationTests"', serialized_service,{})) # initialize the artifacts associate with this service self.artifacts = Artifacts(search('Artifacts', serialized_service,[])) # initialize the credentialer associated with this service self.credentialers = Credentialers(search("Credentialers",serialized_service,[])) # initialize the pipeline associated with this service self.pipeline = Pipeline(search('Pipeline', serialized_service,{})) # load the objects from each included service self.load_includes() # save a copy of the full serialized version of the # service to support the serialize() method self.serialized_service = serialized_service # add mergeable fields from another service into this service def add(self, service): if service.params: self.params.add(service.params) if service.secrets: self.secrets.add(service.secrets) if service.vaults: self.vaults.add(service.vaults) if service.stack.impl: # there can be only one stack if self.stack.impl: self.stack.add(service.stack) else: self.stack = service.stack if service.tasks: self.tasks.add(service.tasks) if service.inputs: self.inputs.add(service.inputs) if service.tests: self.tests.add(service.tests) if service.artifacts: self.artifacts.add(service.artifacts) if service.credentialers: self.credentialers.add(service.credentialers) if service.pipeline and service.pipeline.get_stages(): # there can be only one pipeline per service self.pipeline = service.pipeline def add_params_via_kvps(self,kvp_str): # load key-value pairs via a kvp string formatted as: # <key1>:<value1>,<key2>:<val2>,etc self.params.load_kvps(kvp_str) def load_includes(self): # load objects from each included service # for each included service specified for service_key in self.includes: sub_service_path = self.includes[service_key]["value"] # load the included service ... this_sub, err = get_service(sub_service_path, servicefile_path=self.path) # add to this service if not err: print("including '%s' service ..."%(service_key)) self.add(this_sub) else: print("included service '%s' could not be loaded from %s"%(service_key, sub_service_path)) print("error: %s"%err) print("exiting ...") exit(0) exit(0) def get_meta_params(self): # get meta data about this service service_metadata = Params({}) service_metadata.set("service-default-alias",self.description.default_alias, "service default alias") service_metadata.set("service-alias",self.description.alias, "service alias") service_metadata.set("service-name",self.description.name, "service name") service_metadata.set("servicefile-path",self.path, "path to the servicefile") # add service summary and repo service_metadata.set('service-summary',self.description.summary, "service summary") service_metadata.set('service-repo',self.description.repo, "repo containing this service") # add the command that was run against this service service_metadata.set("yac-command",sys.argv[0], 'the yac command being run') return service_metadata def get_params(self): # add params describing the service itself self.params.add(self.get_meta_params()) # load any params from yac-supported env variables self.params.load_from_env_variables() # load kvps (typically used for injecting inputs in pipelines or overriding # an invidual param setpoint) self.params.load_kvps(self.kvps_str) # load params from file self.params.load_from_file(self.params_file_path) return self.params def get_all_params(self, context="", dry_run_bool=False, credentialer_names=[]): # Take a copy of params self.all_params = self.get_params() # process inputs and load results into params self.inputs.load(self.all_params) # load secrets into params self.secrets.load(self.all_params, self.vaults) return self.all_params def get_description(self): return self.description def get_artifacts(self): return self.artifacts def get_stack(self): return self.stack def get_tests(self): return self.tests def get_tasks(self): return self.tasks def get_vaults(self): return self.vaults def get_deployer(self): return self.deployer() def get_inputs(self): return self.inputs def get_secrets(self): return self.secrets def get_pipeline(self): return self.pipeline def get_credentialers(self): return self.credentialers def get_serialized_pipeline(self): return self.serialized_pipeline def deploy_boot_files(self, dry_run_bool=False): self.boot_files.deploy(self.params, dry_run_bool) def serialize(self): return self.serialized_service def __str__(self): ret = ("description:\n %s\n"%self.description + "params:\n %s\n"%self.params + "secrets:\n %s\n"%self.secrets + "stack:\n %s\n"%self.stack + "vaults: \n %s\n")%self.vaults return ret
class ContainerImage(): # for building docker container images def __init__(self, serialized_artifact): validate(serialized_artifact, "yac/schema/makers/container_image.json") self.name = search("name",serialized_artifact,"") self.description = search("description",serialized_artifact,"") self.image = search("image",serialized_artifact) # the registry where the images should be pushed # defaults to artifactory self.registry = search('registry', serialized_artifact, ARTIFACTORY_URL) # initialize the inputs (for driving user prompts) self.inputs = Inputs(search("Inputs", serialized_artifact,{})) self.secrets = Secrets(search('"Secrets"', serialized_artifact,{})) # client for most operations self.client = docker.DockerClient('tcp://%s:%s'%(BUILDER_HOST, BUILDER_PORT)) # client for "low-level" build operations (e.g. builds that send # the details on each layer built to stdout ) # TODO: figure out why auth isn't working from inside a container # with this one self.api_client = docker.APIClient('tcp://%s:%s'%(BUILDER_HOST, BUILDER_PORT)) def get_name(self): return self.name def get_description(self): return self.description def make(self, params, vaults, dry_run_bool=False): self.params = params # process inputs and load results into params self.inputs.load(self.params) # load secrets into parmas self.secrets.load(self.params, vaults) # build the image err = self.build(dry_run_bool) if not err: # login to container registry specified in the servicefile err = self.login() if not err: # push the image to the registry err = self.push(dry_run_bool) return err def login(self): err = "" # render intrinsics in the registry rendered_registry = apply_intrinsics(self.registry, self.params) try: print("login using api client") response = self.client.login(username = rendered_registry['username'], password = rendered_registry['password'], registry = rendered_registry['host']) print(response) except docker.errors.APIError as ae: err = ae return err def build(self, dry_run_bool=False): err = "" build_success = False # render intrinsics in the image rendered_image = apply_intrinsics(self.image, self.params) # put the rendered files in the std dump path so they # can be viewed after the yac container stops dump_path = get_dump_path(params.get("service-alias")) build_path = os.path.join(dump_path,"docker") # path to the docker file (relative to servicefile) self.dockerfile_path = search('"dockerfile"',rendered_image,"") servicefile_path = self.params.get('servicefile-path') dockerfile_full_path = os.path.join(servicefile_path,self.dockerfile_path) if os.path.exists(dockerfile_full_path): # render variables in the docker file apply_templates_in_file(dockerfile_full_path, self.params, build_path) # assume files are in the same location as the dockerfile apply_templates_in_dir(os.path.dirname(dockerfile_full_path), self.params, build_path) self.image_name = search("name",rendered_image,"") self.image_label = search("label",rendered_image,"") # build args self.build_args = search('"build-args"',rendered_image,[]) if dry_run_bool: print("see rendered files under %s"%build_path) print("(dry-run) building image %s:%s ..."%(self.image_name, self.image_label)) else: try: print("building image %s:%s ..."%(self.image_name, self.image_label)) # build the image self.image,log = self.client.images.build(tag="%s:%s"%(self.image_name, self.image_label), path=build_path, buildargs=self.build_args) for line in log: if 'stream' in line: print(line['stream']) else: print(line) except docker.errors.APIError as ae: err = "APIError: %s"%ae except docker.errors.BuildError as be: err = "BuildError: %s"%be except TypeError as te: err = "TypeError: %s"%te else: err = "dockerfile at %s does not exist"%dockerfile_full_path return err def push(self, dry_run_bool=False): if dry_run_bool: print("(dry-run) pushing image %s:%s ..."%(self.image_name,self.image_label)) else: print("pushing image %s:%s ..."%(self.image_name,self.image_label)) # push the image to registry response = self.client.images.push(repository=self.image_name, tag=self.image_label) print(response)