def test_build(self, mock_client):
# test that self.client.build was called with proper arguments
self.client = DockerClient()
self.client.build('ozzy/embryo:git-f3a8020', {'POWERED_BY': 'Deis'},
'ozzy/embryo', 'v4')
docker_build = self.client.client.build
self.assertTrue(docker_build.called)
args = {
"rm": True,
"tag": u'localhost:5000/ozzy/embryo:v4',
"stream": True
}
kwargs = docker_build.call_args[1]
self.assertDictContainsSubset(args, kwargs)
# test that the fileobj arg to "docker build" contains a correct Dockerfile
f = kwargs['fileobj']
self.assertEqual(
f.read(), "FROM ozzy/embryo:git-f3a8020\nENV POWERED_BY=\"Deis\"")
# Test that blacklisted image names can't be built
with self.assertRaises(PermissionDenied):
self.client.build('deis/controller:v1.11.1', {}, 'deis/controller',
'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.build('localhost:5000/deis/controller:v1.11.1', {},
'deis/controller', 'v1.11.1')
def test_publish_release(self, mock_client):
self.client = DockerClient()
self.client.publish_release('ozzy/embryo:git-f2a8020',
{'POWERED_BY': 'Deis'}, 'ozzy/embryo:v4',
True)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.build.called)
self.assertTrue(self.client.client.push.called)
# Test that a registry host prefix is replaced with deis-registry for the target
self.client.publish_release('ozzy/embryo:git-f2a8020',
{'POWERED_BY': 'Deis'},
'quay.io/ozzy/embryo:v4', True)
docker_push = self.client.client.push
docker_push.assert_called_with('localhost:5000/ozzy/embryo',
tag='v4',
insecure_registry=True,
stream=True)
# Test that blacklisted image names can't be published
with self.assertRaises(PermissionDenied):
self.client.publish_release('deis/controller:v1.11.1', {},
'deis/controller:v1.11.1', True)
with self.assertRaises(PermissionDenied):
self.client.publish_release(
'localhost:5000/deis/controller:v1.11.1', {},
'deis/controller:v1.11.1', True)
def test_push(self, mock_client):
self.client = DockerClient()
self.client.push('ozzy/embryo', 'v4')
docker_push = self.client.client.push
docker_push.assert_called_once_with('ozzy/embryo',
tag='v4',
decode=True,
stream=True)
def test_pull(self, mock_client):
self.client = DockerClient()
self.client.pull('alpine', '3.2')
docker_pull = self.client.client.pull
docker_pull.assert_called_once_with(
'alpine', tag='3.2', insecure_registry=True, stream=True)
# Test that blacklisted image names can't be pulled
with self.assertRaises(PermissionDenied):
self.client.pull('deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.pull('localhost:5000/deis/controller', 'v1.11.1')
def test_tag(self, mock_client):
self.client = DockerClient()
self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
docker_tag = self.client.client.tag
docker_tag.assert_called_once_with(
'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)
# Test that blacklisted image names can't be tagged
with self.assertRaises(PermissionDenied):
self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
def test_publish_release(self, mock_client):
self.client = DockerClient()
# Make sure login is not called when there are no creds
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False)
self.assertFalse(self.client.client.login.called)
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False,
creds)
self.assertTrue(self.client.client.login.called)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.push.called)
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.push.called)
# Test that a registry host prefix is replaced with deis-registry for the target
publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4',
True)
docker_push = self.client.client.push
docker_push.assert_called_with('localhost:5000/ozzy/embryo',
tag='v4',
insecure_registry=True,
decode=True,
stream=True)
# Test that blacklisted image names can't be published
with self.assertRaises(PermissionDenied):
publish_release('deis/controller:v1.11.1',
'deis/controller:v1.11.1', True)
with self.assertRaises(PermissionDenied):
publish_release('localhost:5000/deis/controller:v1.11.1',
'deis/controller:v1.11.1', True)
def test_pull(self, mock_client):
self.client = DockerClient()
self.client.pull('alpine', '3.2')
docker_pull = self.client.client.pull
docker_pull.assert_called_once_with('alpine', tag='3.2', decode=True, stream=True)
# Test that blacklisted image names can't be pulled
with self.assertRaises(PermissionDenied):
self.client.pull('deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.pull('localhost:5000/deis/controller', 'v1.11.1')
def test_tag(self, mock_client):
self.client = DockerClient()
self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
docker_tag = self.client.client.tag
docker_tag.assert_called_once_with(
'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)
# Test that blacklisted image names can't be tagged
with self.assertRaises(PermissionDenied):
self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
def test_get_port(self, mock_client):
self.client = DockerClient()
# Make sure login is not called when there are no creds
get_port('ozzy/embryo:git-f2a8020', False)
self.assertFalse(self.client.client.login.called)
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
get_port('ozzy/embryo:git-f2a8020', False, creds)
self.assertTrue(self.client.client.login.called)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.inspect_image.called)
def test_login_bad_creds(self, mock_client):
self.client = DockerClient()
# missing parts of credentials
with self.assertRaises(PermissionDenied):
creds = {
'username': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
# bad credentials
with self.assertRaises(PermissionDenied):
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
def test_login_failed(self, mock_client):
self.client = DockerClient()
# failed login
client = {}
client['Status'] = 'Login Failed'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
with self.assertRaises(PermissionDenied):
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(username='******',
password='******',
email='fake',
registry='quay.io')
def test_tag(self, mock_client):
self.client = DockerClient()
self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
docker_tag = self.client.client.tag
docker_tag.assert_called_once_with('ozzy/embryo:git-f2a8020',
'ozzy/embryo',
tag='v4',
force=True)
# fake failed tag
self.client.client.tag.return_value = False
with self.assertRaises(RegistryException):
self.client.tag('foo/bar:latest', 'foo/bar', 'v1.11.1')
# Test that blacklisted image names can't be tagged
with self.assertRaises(PermissionDenied):
self.client.tag('deis/controller:v1.11.1', 'deis/controller',
'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.tag('localhost:5000/deis/controller:v1.11.1',
'deis/controller', 'v1.11.1')
def test_login(self, mock_client):
self.client = DockerClient()
# success
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(username='******',
password='******',
email='fake',
registry='quay.io')
# username matches
client = {}
client['username'] = '******'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(username='******',
password='******',
email='fake',
registry='quay.io')
def test_tag(self, mock_client):
self.client = DockerClient()
self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
docker_tag = self.client.client.tag
docker_tag.assert_called_once_with(
'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)
# fake failed tag
self.client.client.tag.return_value = False
with self.assertRaises(RegistryException):
self.client.tag('foo/bar:latest', 'foo/bar', 'v1.11.1')
# Test that blacklisted image names can't be tagged
with self.assertRaises(PermissionDenied):
self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
def test_publish_release(self, mock_client):
self.client = DockerClient()
self.client.publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.push.called)
# Test that a registry host prefix is replaced with deis-registry for the target
self.client.publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4', True)
docker_push = self.client.client.push
docker_push.assert_called_with(
'localhost:5000/ozzy/embryo', tag='v4', insecure_registry=True, stream=True)
# Test that blacklisted image names can't be published
with self.assertRaises(PermissionDenied):
self.client.publish_release(
'deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
with self.assertRaises(PermissionDenied):
self.client.publish_release(
'localhost:5000/deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
def test_build(self, mock_client):
# test that self.client.build was called with proper arguments
self.client = DockerClient()
self.client.build('ozzy/embryo:git-f3a8020', {'POWERED_BY': 'Deis'}, 'ozzy/embryo', 'v4')
docker_build = self.client.client.build
self.assertTrue(docker_build.called)
args = {"rm": True, "tag": u'localhost:5000/ozzy/embryo:v4', "stream": True}
kwargs = docker_build.call_args[1]
self.assertDictContainsSubset(args, kwargs)
# test that the fileobj arg to "docker build" contains a correct Dockerfile
f = kwargs['fileobj']
self.assertEqual(f.read(), "FROM ozzy/embryo:git-f3a8020\nENV POWERED_BY='Deis'")
# Test that blacklisted image names can't be built
with self.assertRaises(PermissionDenied):
self.client.build('deis/controller:v1.11.1', {}, 'deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.build(
'localhost:5000/deis/controller:v1.11.1', {}, 'deis/controller', 'v1.11.1')
def test_publish_release(self, mock_client):
self.client = DockerClient()
# Make sure login is not called when there are no creds
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False)
self.assertFalse(self.client.client.login.called)
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False, creds)
self.assertTrue(self.client.client.login.called)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.push.called)
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.push.called)
# Test that a registry host prefix is replaced with deis-registry for the target
publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4', True)
docker_push = self.client.client.push
docker_push.assert_called_with(
'localhost:5000/ozzy/embryo', tag='v4', insecure_registry=True,
decode=True, stream=True)
# Test that blacklisted image names can't be published
with self.assertRaises(PermissionDenied):
publish_release(
'deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
with self.assertRaises(PermissionDenied):
publish_release(
'localhost:5000/deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
def test_login_bad_creds(self, mock_client):
self.client = DockerClient()
# missing parts of credentials
with self.assertRaises(PermissionDenied):
creds = {
'username': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
# bad credentials
with self.assertRaises(PermissionDenied):
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
def test_get_port(self, mock_client):
self.client = DockerClient()
# Make sure login is not called when there are no creds
get_port('ozzy/embryo:git-f2a8020', False)
self.assertFalse(self.client.client.login.called)
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
get_port('ozzy/embryo:git-f2a8020', False, creds)
self.assertTrue(self.client.client.login.called)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.inspect_image.called)
def test_login_failed(self, mock_client):
self.client = DockerClient()
# failed login
client = {}
client['Status'] = 'Login Failed'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
with self.assertRaises(PermissionDenied):
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(
username='******', password='******',
email='fake', registry='quay.io'
)
def test_login(self, mock_client):
self.client = DockerClient()
# success
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(
username='******', password='******',
email='fake', registry='quay.io'
)
# username matches
client = {}
client['username'] = '******'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(
username='******', password='******',
email='fake', registry='quay.io'
)
class DockerClientTest(unittest.TestCase):
"""Test that the client makes appropriate Docker engine API calls."""
def setUp(self):
settings.REGISTRY_HOST, settings.REGISTRY_PORT = 'localhost', 5000
def test_get_port(self, mock_client):
self.client = DockerClient()
# Make sure login is not called when there are no creds
get_port('ozzy/embryo:git-f2a8020', False)
self.assertFalse(self.client.client.login.called)
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
get_port('ozzy/embryo:git-f2a8020', False, creds)
self.assertTrue(self.client.client.login.called)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.inspect_image.called)
def test_publish_release(self, mock_client):
self.client = DockerClient()
# Make sure login is not called when there are no creds
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False)
self.assertFalse(self.client.client.login.called)
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False,
creds)
self.assertTrue(self.client.client.login.called)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.push.called)
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.push.called)
# Test that a registry host prefix is replaced with deis-registry for the target
publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4',
True)
docker_push = self.client.client.push
docker_push.assert_called_with('localhost:5000/ozzy/embryo',
tag='v4',
decode=True,
stream=True)
# Test that blacklisted image names can't be published
with self.assertRaises(PermissionDenied):
publish_release('deis/controller:v1.11.1',
'deis/controller:v1.11.1', True)
with self.assertRaises(PermissionDenied):
publish_release('localhost:5000/deis/controller:v1.11.1',
'deis/controller:v1.11.1', True)
def test_login(self, mock_client):
self.client = DockerClient()
# success
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(username='******',
password='******',
email='fake',
registry='quay.io')
# username matches
client = {}
client['username'] = '******'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(username='******',
password='******',
email='fake',
registry='quay.io')
def test_login_failed(self, mock_client):
self.client = DockerClient()
# failed login
client = {}
client['Status'] = 'Login Failed'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
with self.assertRaises(PermissionDenied):
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(username='******',
password='******',
email='fake',
registry='quay.io')
def test_login_bad_creds(self, mock_client):
self.client = DockerClient()
# missing parts of credentials
with self.assertRaises(PermissionDenied):
creds = {
'username': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
# bad credentials
with self.assertRaises(PermissionDenied):
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
def test_pull(self, mock_client):
self.client = DockerClient()
self.client.pull('alpine', '3.2')
docker_pull = self.client.client.pull
docker_pull.assert_called_once_with('alpine',
tag='3.2',
decode=True,
stream=True)
# Test that blacklisted image names can't be pulled
with self.assertRaises(PermissionDenied):
self.client.pull('deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.pull('localhost:5000/deis/controller', 'v1.11.1')
def test_push(self, mock_client):
self.client = DockerClient()
self.client.push('ozzy/embryo', 'v4')
docker_push = self.client.client.push
docker_push.assert_called_once_with('ozzy/embryo',
tag='v4',
decode=True,
stream=True)
def test_tag(self, mock_client):
self.client = DockerClient()
self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
docker_tag = self.client.client.tag
docker_tag.assert_called_once_with('ozzy/embryo:git-f2a8020',
'ozzy/embryo',
tag='v4',
force=True)
# fake failed tag
self.client.client.tag.return_value = False
with self.assertRaises(RegistryException):
self.client.tag('foo/bar:latest', 'foo/bar', 'v1.11.1')
# Test that blacklisted image names can't be tagged
with self.assertRaises(PermissionDenied):
self.client.tag('deis/controller:v1.11.1', 'deis/controller',
'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.tag('localhost:5000/deis/controller:v1.11.1',
'deis/controller', 'v1.11.1')
def test_push(self, mock_client):
self.client = DockerClient()
self.client.push('ozzy/embryo', 'v4')
docker_push = self.client.client.push
docker_push.assert_called_once_with(
'ozzy/embryo', tag='v4', insecure_registry=True, stream=True)
class DockerClientTest(unittest.TestCase):
"""Test that the client makes appropriate Docker engine API calls."""
def setUp(self):
settings.REGISTRY_HOST, settings.REGISTRY_PORT = 'localhost', 5000
def test_publish_release(self, mock_client):
self.client = DockerClient()
self.client.publish_release('ozzy/embryo:git-f2a8020',
{'POWERED_BY': 'Deis'}, 'ozzy/embryo:v4', True)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.build.called)
self.assertTrue(self.client.client.push.called)
# Test that a registry host prefix is replaced with deis-registry for the target
self.client.publish_release('ozzy/embryo:git-f2a8020',
{'POWERED_BY': 'Deis'}, 'quay.io/ozzy/embryo:v4', True)
docker_push = self.client.client.push
docker_push.assert_called_with(
'localhost:5000/ozzy/embryo', tag='v4', insecure_registry=True, stream=True)
# Test that blacklisted image names can't be published
with self.assertRaises(PermissionDenied):
self.client.publish_release(
'deis/controller:v1.11.1', {}, 'deis/controller:v1.11.1', True)
with self.assertRaises(PermissionDenied):
self.client.publish_release(
'localhost:5000/deis/controller:v1.11.1', {}, 'deis/controller:v1.11.1', True)
def test_build(self, mock_client):
# test that self.client.build was called with proper arguments
self.client = DockerClient()
self.client.build('ozzy/embryo:git-f3a8020', {'POWERED_BY': 'Deis'}, 'ozzy/embryo', 'v4')
docker_build = self.client.client.build
self.assertTrue(docker_build.called)
args = {"rm": True, "tag": u'localhost:5000/ozzy/embryo:v4', "stream": True}
kwargs = docker_build.call_args[1]
self.assertDictContainsSubset(args, kwargs)
# test that the fileobj arg to "docker build" contains a correct Dockerfile
f = kwargs['fileobj']
self.assertEqual(f.read(), "FROM ozzy/embryo:git-f3a8020\nENV POWERED_BY='Deis'")
# Test that blacklisted image names can't be built
with self.assertRaises(PermissionDenied):
self.client.build('deis/controller:v1.11.1', {}, 'deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.build(
'localhost:5000/deis/controller:v1.11.1', {}, 'deis/controller', 'v1.11.1')
def test_pull(self, mock_client):
self.client = DockerClient()
self.client.pull('alpine', '3.2')
docker_pull = self.client.client.pull
docker_pull.assert_called_once_with(
'alpine', tag='3.2', insecure_registry=True, stream=True)
# Test that blacklisted image names can't be pulled
with self.assertRaises(PermissionDenied):
self.client.pull('deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.pull('localhost:5000/deis/controller', 'v1.11.1')
def test_push(self, mock_client):
self.client = DockerClient()
self.client.push('ozzy/embryo', 'v4')
docker_push = self.client.client.push
docker_push.assert_called_once_with(
'ozzy/embryo', tag='v4', insecure_registry=True, stream=True)
def test_tag(self, mock_client):
self.client = DockerClient()
self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
docker_tag = self.client.client.tag
docker_tag.assert_called_once_with(
'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)
# Test that blacklisted image names can't be tagged
with self.assertRaises(PermissionDenied):
self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
def test_strip_prefix(self, mock_client):
self.assertEqual(strip_prefix('quay.io/boris/riotsugar'), 'boris/riotsugar')
self.assertEqual(strip_prefix('127.0.0.1:5000/boris/galaxians'), 'boris/galaxians')
self.assertEqual(strip_prefix('boris/jacksonhead'), 'boris/jacksonhead')
self.assertEqual(strip_prefix(':8888/boris/pink'), 'boris/pink')
class DockerClientTest(unittest.TestCase):
"""Test that the client makes appropriate Docker engine API calls."""
def setUp(self):
settings.REGISTRY_HOST, settings.REGISTRY_PORT = 'localhost', 5000
def test_publish_release(self, mock_client):
self.client = DockerClient()
self.client.publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.push.called)
# Test that a registry host prefix is replaced with deis-registry for the target
self.client.publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4', True)
docker_push = self.client.client.push
docker_push.assert_called_with(
'localhost:5000/ozzy/embryo', tag='v4', insecure_registry=True, stream=True)
# Test that blacklisted image names can't be published
with self.assertRaises(PermissionDenied):
self.client.publish_release(
'deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
with self.assertRaises(PermissionDenied):
self.client.publish_release(
'localhost:5000/deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
def test_pull(self, mock_client):
self.client = DockerClient()
self.client.pull('alpine', '3.2')
docker_pull = self.client.client.pull
docker_pull.assert_called_once_with(
'alpine', tag='3.2', insecure_registry=True, stream=True)
# Test that blacklisted image names can't be pulled
with self.assertRaises(PermissionDenied):
self.client.pull('deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.pull('localhost:5000/deis/controller', 'v1.11.1')
def test_push(self, mock_client):
self.client = DockerClient()
self.client.push('ozzy/embryo', 'v4')
docker_push = self.client.client.push
docker_push.assert_called_once_with(
'ozzy/embryo', tag='v4', insecure_registry=True, stream=True)
def test_tag(self, mock_client):
self.client = DockerClient()
self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
docker_tag = self.client.client.tag
docker_tag.assert_called_once_with(
'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)
# Test that blacklisted image names can't be tagged
with self.assertRaises(PermissionDenied):
self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
def test_strip_prefix(self, mock_client):
self.assertEqual(strip_prefix('quay.io/boris/riotsugar'), 'boris/riotsugar')
self.assertEqual(strip_prefix('127.0.0.1:5000/boris/galaxians'), 'boris/galaxians')
self.assertEqual(strip_prefix('boris/jacksonhead'), 'boris/jacksonhead')
self.assertEqual(strip_prefix(':8888/boris/pink'), 'boris/pink')
from .local_settings import * # noqa
except ImportError:
pass
# have confd_settings within container execution override all others
# including local_settings (which may end up in the container)
if os.path.exists('/templates/confd_settings.py'):
sys.path.append('/templates')
from confd_settings import * # noqa
# Disable swap when mem limits are set, unless Docker is too old
DISABLE_SWAP = '--memory-swap=-1'
try:
version = 'unknown'
from registry.dockerclient import DockerClient
version = DockerClient().client.version().get('Version')
if not semver.validate(
version) or semver.Version(version) < semver.Version('1.5.0'):
DISABLE_SWAP = ''
except:
print("Not disabling --memory-swap for Docker version {}".format(version))
# LDAP Backend Configuration
# Should be always after the confd_settings import.
LDAP_USER_SEARCH = LDAPSearch(base_dn=USER_BASEDN,
scope=ldap.SCOPE_SUBTREE,
filterstr="(%s=%%(user)s)" % USER_FILTER)
LDAP_GROUP_SEARCH = LDAPSearch(base_dn=GROUP_BASEDN,
scope=ldap.SCOPE_SUBTREE,
filterstr="(%s=%s)" %
(GROUP_FILTER, GROUP_TYPE))
class DockerClientTest(unittest.TestCase):
"""Test that the client makes appropriate Docker engine API calls."""
def setUp(self):
settings.REGISTRY_HOST, settings.REGISTRY_PORT = 'localhost', 5000
def test_get_port(self, mock_client):
self.client = DockerClient()
# Make sure login is not called when there are no creds
get_port('ozzy/embryo:git-f2a8020', False)
self.assertFalse(self.client.client.login.called)
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
get_port('ozzy/embryo:git-f2a8020', False, creds)
self.assertTrue(self.client.client.login.called)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.inspect_image.called)
def test_publish_release(self, mock_client):
self.client = DockerClient()
# Make sure login is not called when there are no creds
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False)
self.assertFalse(self.client.client.login.called)
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False, creds)
self.assertTrue(self.client.client.login.called)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.push.called)
publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True)
self.assertTrue(self.client.client.pull.called)
self.assertTrue(self.client.client.tag.called)
self.assertTrue(self.client.client.push.called)
# Test that a registry host prefix is replaced with deis-registry for the target
publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4', True)
docker_push = self.client.client.push
docker_push.assert_called_with(
'localhost:5000/ozzy/embryo', tag='v4', insecure_registry=True,
decode=True, stream=True)
# Test that blacklisted image names can't be published
with self.assertRaises(PermissionDenied):
publish_release(
'deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
with self.assertRaises(PermissionDenied):
publish_release(
'localhost:5000/deis/controller:v1.11.1', 'deis/controller:v1.11.1', True)
def test_login(self, mock_client):
self.client = DockerClient()
# success
client = {}
client['Status'] = 'Login Succeeded'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(
username='******', password='******',
email='fake', registry='quay.io'
)
# username matches
client = {}
client['username'] = '******'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(
username='******', password='******',
email='fake', registry='quay.io'
)
def test_login_failed(self, mock_client):
self.client = DockerClient()
# failed login
client = {}
client['Status'] = 'Login Failed'
self.client.client.login.return_value = client
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
with self.assertRaises(PermissionDenied):
self.client.login('quay.io/deis/foobar', creds)
docker_login = self.client.client.login
docker_login.assert_called_with(
username='******', password='******',
email='fake', registry='quay.io'
)
def test_login_bad_creds(self, mock_client):
self.client = DockerClient()
# missing parts of credentials
with self.assertRaises(PermissionDenied):
creds = {
'username': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
# bad credentials
with self.assertRaises(PermissionDenied):
creds = {
'username': '******',
'password': '******',
'email': 'fake',
'registry': 'quay.io'
}
self.client.login('quay.io/deis/foobar', creds)
def test_pull(self, mock_client):
self.client = DockerClient()
self.client.pull('alpine', '3.2')
docker_pull = self.client.client.pull
docker_pull.assert_called_once_with(
'alpine', tag='3.2', insecure_registry=True, decode=True, stream=True)
# Test that blacklisted image names can't be pulled
with self.assertRaises(PermissionDenied):
self.client.pull('deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.pull('localhost:5000/deis/controller', 'v1.11.1')
def test_push(self, mock_client):
self.client = DockerClient()
self.client.push('ozzy/embryo', 'v4')
docker_push = self.client.client.push
docker_push.assert_called_once_with(
'ozzy/embryo', tag='v4', insecure_registry=True, decode=True, stream=True)
def test_tag(self, mock_client):
self.client = DockerClient()
self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4')
docker_tag = self.client.client.tag
docker_tag.assert_called_once_with(
'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True)
# fake failed tag
self.client.client.tag.return_value = False
with self.assertRaises(RegistryException):
self.client.tag('foo/bar:latest', 'foo/bar', 'v1.11.1')
# Test that blacklisted image names can't be tagged
with self.assertRaises(PermissionDenied):
self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')
with self.assertRaises(PermissionDenied):
self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')