예제 #1
0
    def __init__(self, tasker, workflow, registries=None, group=True, goarch=None):
        """
        constructor

        :param tasker: DockerTasker instance
        :param workflow: DockerBuildWorkflow instance
        :param registries: dict, keys are docker registries, values are dicts containing
                           per-registry parameters.
                           Params:
                            * "secret" optional string - path to the secret, which stores
                              login and password for remote registry
        :param group: bool, if true, create a manifest list; otherwise only add tags to
                      amd64 image manifest
        :param goarch: dict, keys are platform, values are go language platform names
        """
        # call parent constructor
        super(GroupManifestsPlugin, self).__init__(tasker, workflow)

        self.group = get_group_manifests(self.workflow, group)

        plat_des_fallback = []
        for platform, architecture in (goarch or {}).items():
            plat_dic = {'platform': platform,
                        'architecture': architecture}
            plat_des_fallback.append(plat_dic)

        platform_descriptors = get_platform_descriptors(self.workflow, plat_des_fallback)
        goarch_from_pd = {}
        for platform in platform_descriptors:
            goarch_from_pd[platform['platform']] = platform['architecture']
        self.goarch = goarch_from_pd

        self.registries = get_registries(self.workflow, deepcopy(registries or {}))
        self.worker_registries = {}
예제 #2
0
    def __init__(self, tasker, workflow, registries=None):
        """
        :param tasker: DockerTasker instance
        :param workflow: DockerBuildWorkflow instance
        :param registries: dict, keys are docker registries, values are dicts containing
                           per-registry parameters.
                           Params:
                            * "secret" optional string - path to the secret, which stores
                              login and password for remote registry
        """
        super(DeleteFromRegistryPlugin, self).__init__(tasker, workflow)

        self.registries = get_registries(self.workflow,
                                         deepcopy(registries or {}))
예제 #3
0
    def __init__(self, tasker, workflow, registries=None):
        """
        constructor

        :param tasker: DockerTasker instance
        :param workflow: DockerBuildWorkflow instance
        :param registries: dict, keys are docker registries, values are dicts containing
                           per-registry parameters.
                           Params:
                            * "insecure" optional boolean - controls whether pushes are allowed over
                              plain HTTP.
                            * "secret" optional string - path to the secret, which stores
                              email, login and password for remote registry
        """
        # call parent constructor
        super(TagAndPushPlugin, self).__init__(tasker, workflow)

        self.registries = get_registries(self.workflow, deepcopy(registries or {}))
        self.group = get_group_manifests(self.workflow, False)
예제 #4
0
    def __init__(self, tasker, workflow, registries=None):
        """
        constructor

        :param tasker: DockerTasker instance
        :param workflow: DockerBuildWorkflow instance
        :param registries: dict, keys are docker registries, values are dicts containing
                           per-registry parameters.
                           Params:
                            * "insecure" optional boolean - controls whether pushes are allowed over
                              plain HTTP.
                            * "secret" optional string - path to the secret, which stores
                              email, login and password for remote registry
        """
        # call parent constructor
        super(TagAndPushPlugin, self).__init__(tasker, workflow)

        self.registries = get_registries(self.workflow,
                                         deepcopy(registries or {}))
예제 #5
0
    def __init__(self,
                 tasker,
                 workflow,
                 registries=None,
                 group=True,
                 goarch=None):
        """
        constructor

        :param tasker: DockerTasker instance
        :param workflow: DockerBuildWorkflow instance
        :param registries: dict, keys are docker registries, values are dicts containing
                           per-registry parameters.
                           Params:
                            * "secret" optional string - path to the secret, which stores
                              login and password for remote registry
        :param group: bool, if true, create a manifest list; otherwise only add tags to
                      amd64 image manifest
        :param goarch: dict, keys are platform, values are go language platform names
        """
        # call parent constructor
        super(GroupManifestsPlugin, self).__init__(tasker, workflow)

        self.group = get_group_manifests(self.workflow, group)

        plat_des_fallback = []
        for platform, architecture in (goarch or {}).items():
            plat_dic = {'platform': platform, 'architecture': architecture}
            plat_des_fallback.append(plat_dic)

        platform_descriptors = get_platform_descriptors(
            self.workflow, plat_des_fallback)
        goarch_from_pd = {}
        for platform in platform_descriptors:
            goarch_from_pd[platform['platform']] = platform['architecture']
        self.goarch = goarch_from_pd

        self.registries = get_registries(self.workflow,
                                         deepcopy(registries or {}))
        self.worker_registries = {}
예제 #6
0
 def __init__(self, workflow, registries, log):
     self.push_conf = workflow.push_conf
     self.registries = get_registries(workflow, deepcopy(registries or {}))
     self.worker_registries = {}
     self.log = log
예제 #7
0
    def run(self):
        # Only run if the build was successful
        if self.workflow.build_process_failed:
            self.log.info("Not running for failed build")
            return []

        # Work out the name of the image to pull
        if not self.workflow.tag_conf.unique_images:
            raise ValueError("no unique image set, impossible to verify media types")
        if self.workflow.push_conf.pulp_registries:
            self.log.info("pulp registry configure, verify_media_types should not run")
            return
        image = self.workflow.tag_conf.unique_images[0]

        registries = deepcopy(get_registries(self.workflow, {}))
        media_in_registry = {}
        expect_list_only = self.get_manifest_list_only_expectation()

        for registry_name, registry in registries.items():
            expected_media_types = set(registry.get('expected_media_types', []))
            media_types = set()

            if expect_list_only:
                expected_media_types = set([MEDIA_TYPE_DOCKER_V2_MANIFEST_LIST])

            media_in_registry[registry_name] = {'expected': expected_media_types}

            pullspec = image.copy()
            pullspec.registry = registry_name
            insecure = registry.get('insecure', False)
            secret = registry.get('secret', None)

            digests = get_manifest_digests(pullspec, registry_name, insecure, secret,
                                           require_digest=False)
            if digests:
                if digests.v2_list:
                    media_types.add(MEDIA_TYPE_DOCKER_V2_MANIFEST_LIST)
                if digests.v2:
                    media_types.add(MEDIA_TYPE_DOCKER_V2_SCHEMA2)
                if digests.v1:
                    media_types.add(MEDIA_TYPE_DOCKER_V2_SCHEMA1)
                if digests.oci:
                    media_types.add(MEDIA_TYPE_OCI_V1)
                if digests.oci_index:
                    media_types.add(MEDIA_TYPE_OCI_V1_INDEX)

            if verify_v1_image(pullspec, registry_name, self.log, insecure, secret):
                media_types.add(MEDIA_TYPE_DOCKER_V1)

            media_in_registry[registry_name]['found'] = media_types

        should_raise = False
        all_found = set()
        for registry_name, manifests in media_in_registry.items():
            all_found.update(manifests['found'])
            if manifests['expected'] - manifests['found']:
                should_raise = True
                self.log.error("expected media types %s not in available media types %s,"
                               " for registry %s",
                               sorted(manifests['expected'] - manifests['found']),
                               sorted(manifests['found']),
                               registry_name)

        if should_raise:
            raise KeyError("expected media types were not found")

        if expect_list_only:
            return [MEDIA_TYPE_DOCKER_V2_MANIFEST_LIST]
        return sorted(all_found)
예제 #8
0
    def run(self):
        # Only run if the build was successful
        if self.workflow.build_process_failed:
            self.log.info("Not running for failed build")
            return []

        # Work out the name of the image to pull
        if not self.workflow.tag_conf.unique_images:
            raise ValueError("no unique image set, impossible to verify media types")
        if self.workflow.push_conf.pulp_registries:
            self.log.info("pulp registry configure, verify_media_types should not run")
            return
        image = self.workflow.tag_conf.unique_images[0]

        media_types = set()
        registries = deepcopy(get_registries(self.workflow, {}))
        for registry_name, registry in registries.items():
            initial_media_types = registry.get('expected_media_types', [])
            if not initial_media_types:
                continue

            expected_media_types = self.set_manifest_list_expectations(initial_media_types)

            pullspec = image.copy()
            pullspec.registry = registry_name
            insecure = registry.get('insecure', False)
            secret = registry.get('secret', None)

            check_digests = (MEDIA_TYPE_DOCKER_V2_MANIFEST_LIST in expected_media_types or
                             MEDIA_TYPE_DOCKER_V2_SCHEMA2 in expected_media_types or
                             MEDIA_TYPE_DOCKER_V2_SCHEMA1 in expected_media_types)
            if check_digests:
                digests = get_manifest_digests(pullspec, registry_name, insecure, secret,
                                               require_digest=False)
                if digests:
                    if digests.v2_list:
                        self.log.info("Manifest list found")
                        if MEDIA_TYPE_DOCKER_V2_MANIFEST_LIST in expected_media_types:
                            media_types.add(MEDIA_TYPE_DOCKER_V2_MANIFEST_LIST)
                    if digests.v2:
                        self.log.info("V2 schema 2 digest found")
                        if MEDIA_TYPE_DOCKER_V2_SCHEMA2 in expected_media_types:
                            media_types.add(MEDIA_TYPE_DOCKER_V2_SCHEMA2)
                    if digests.v1:
                        self.log.info("V2 schema 1 digest found")
                        if MEDIA_TYPE_DOCKER_V2_SCHEMA1 in expected_media_types:
                            media_types.add(MEDIA_TYPE_DOCKER_V2_SCHEMA1)

            if MEDIA_TYPE_DOCKER_V1 in expected_media_types:
                if verify_v1_image(pullspec, registry_name, self.log, insecure, secret):
                    media_types.add(MEDIA_TYPE_DOCKER_V1)

            # sorting the media type here so the failure message is predictable for unit tests
            missing_types = []
            for media_type in sorted(expected_media_types):
                if media_type not in media_types:
                    missing_types.append(media_type)
            if missing_types:
                raise KeyError("expected media types {0} ".format(missing_types) +
                               "not in available media types {0}".format(sorted(media_types)))
        return sorted(media_types)
예제 #9
0
    def run(self):
        # Only run if the build was successful
        if self.workflow.build_process_failed:
            self.log.info("Not running for failed build")
            return []

        # Work out the name of the image to pull
        if not self.workflow.tag_conf.unique_images:
            raise ValueError(
                "no unique image set, impossible to verify media types")
        image = self.workflow.tag_conf.unique_images[0]

        registries = deepcopy(get_registries(self.workflow, {}))
        media_in_registry = {}
        expect_list_only = self.get_manifest_list_only_expectation()

        for registry_name, registry in registries.items():
            expected_media_types = set(registry.get('expected_media_types',
                                                    []))
            media_types = set()

            if expect_list_only:
                expected_media_types = set(
                    [MEDIA_TYPE_DOCKER_V2_MANIFEST_LIST])

            media_in_registry[registry_name] = {
                'expected': expected_media_types
            }

            pullspec = image.copy()
            pullspec.registry = registry_name
            insecure = registry.get('insecure', False)
            secret = registry.get('secret', None)

            kwargs = {}
            if PLUGIN_FETCH_SOURCES_KEY in self.workflow.prebuild_results:
                # For source containers, limit the versions we ask
                # about (and, if necessary, the expected media types).
                # This can help to avoid issues with tooling that is
                # unable to deal with the number of layers in these
                # images.
                src_config = get_source_container(self.workflow, fallback={})
                limit_media_types = src_config.get('limit_media_types')
                if limit_media_types is not None:
                    short_name = {
                        v: k
                        for k, v in ManifestDigest.content_type.items()
                    }
                    versions = tuple(short_name[mt]
                                     for mt in limit_media_types)
                    kwargs['versions'] = versions

                    if expected_media_types:
                        expected_media_types.intersection_update(
                            set(limit_media_types))

            digests = get_manifest_digests(pullspec,
                                           registry_name,
                                           insecure,
                                           secret,
                                           require_digest=False,
                                           **kwargs)
            if digests:
                if digests.v2_list:
                    media_types.add(MEDIA_TYPE_DOCKER_V2_MANIFEST_LIST)
                if digests.v2:
                    media_types.add(MEDIA_TYPE_DOCKER_V2_SCHEMA2)
                if digests.v1:
                    media_types.add(MEDIA_TYPE_DOCKER_V2_SCHEMA1)
                if digests.oci:
                    media_types.add(MEDIA_TYPE_OCI_V1)
                if digests.oci_index:
                    media_types.add(MEDIA_TYPE_OCI_V1_INDEX)

            media_in_registry[registry_name]['found'] = media_types

        should_raise = False
        all_found = set()
        for registry_name, manifests in media_in_registry.items():
            all_found.update(manifests['found'])
            if manifests['expected'] - manifests['found']:
                should_raise = True
                self.log.error(
                    "expected media types %s not in available media types %s,"
                    " for registry %s",
                    sorted(manifests['expected'] - manifests['found']),
                    sorted(manifests['found']), registry_name)

        if should_raise:
            raise KeyError("expected media types were not found")

        if expect_list_only:
            return [MEDIA_TYPE_DOCKER_V2_MANIFEST_LIST]
        return sorted(all_found)