예제 #1
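def test_create_pod_with_private_image():
    """Deploys a pod with a private Docker image, using Mesos containerizer.

    Docker Hub credentials are read from the ``DOCKER_HUB_USERNAME`` and
    ``DOCKER_HUB_PASSWORD`` environment variables, wrapped into a pull-config
    JSON document and stored as the ``pullConfig`` secret while the test runs.
    The secret is deleted again whether the deployment succeeds or not.
    """

    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    # A missing variable raises KeyError here, before anything is created.
    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "pullConfig"
    secret_value = json.dumps(
        common.create_docker_pull_config_json(username, password))

    pod_def = pods.private_docker_pod()
    pod_id = pod_def['id']

    # Build the client before the secret exists. Nothing that can fail may
    # stand between create_secret() and the try/finally below, otherwise an
    # unrelated setup error would leave the registry credentials behind in
    # the secret store.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        client.add_pod(pod_def)
        common.deployment_wait(timeout=timedelta(minutes=5).total_seconds(),
                               service_id=pod_id)
        pod = client.show_pod(pod_id)
        assert pod is not None, "The pod has not been created"
    finally:
        # NOTE(review): only the secret is cleaned up here; the pod itself is
        # presumably removed by a teardown outside this function - confirm.
        common.delete_secret(secret_name)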
예제 #2
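def test_private_repository_mesos_app():
    """Deploys an app with a private Docker image, using Mesos containerizer.

    Docker Hub credentials come from the ``DOCKER_HUB_USERNAME`` and
    ``DOCKER_HUB_PASSWORD`` environment variables and are stored as the
    ``pullConfig`` secret only while the test runs.
    """

    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    # A missing variable raises KeyError here, before anything is created.
    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "pullConfig"
    secret_value = json.dumps(
        common.create_docker_pull_config_json(username, password))

    app_def = apps.private_ucr_docker_app()

    # In strict mode all tasks are started as user `nobody` by default and `nobody`
    # doesn't have permissions to write to /var/log within the container.
    # NOTE(review): the user value below appears masked in this listing and is
    # kept exactly as shown. The ACLs added here are not revoked in this
    # function; confirm that a teardown elsewhere restores them.
    if shakedown.ee_version() == 'strict':
        app_def['user'] = '******'
        common.add_dcos_marathon_root_user_acls()

    # Build the client before the secret exists, so that no fallible step sits
    # between create_secret() and the try/finally that deletes it. Otherwise a
    # client failure would leave the registry credentials in the secret store.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        client.add_app(app_def)
        shakedown.deployment_wait()

        common.assert_app_tasks_running(client, app_def)
    finally:
        # Remove the credential-bearing secret on success and on failure.
        common.delete_secret(secret_name)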
예제 #3
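def test_private_repository_mesos_app():
    """Deploys an app with a private Docker image, using Mesos containerizer.

    Docker Hub credentials come from the ``DOCKER_HUB_USERNAME`` and
    ``DOCKER_HUB_PASSWORD`` environment variables and are stored as the
    ``pullConfig`` secret only while the test runs.
    """

    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    # A missing variable raises KeyError here, before anything is created.
    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "pullConfig"
    secret_value = json.dumps(
        common.create_docker_pull_config_json(username, password))

    app_def = apps.private_ucr_docker_app()

    # The app starts an nginx server in a container. In strict mode, however,
    # all tasks are started as user `nobody`, and `nobody` has no permission to
    # write to /var/log within the container. Overriding the cmd with a plain
    # `sleep` keeps the task unprivileged; the test stays valid because it
    # exercises the `pullConfig` feature, not the server.
    if shakedown.ee_version() == 'strict':
        app_def['cmd'] = 'sleep 10000000'

    # Build the client before the secret exists, so that no fallible step sits
    # between create_secret() and the try/finally that deletes it. Otherwise a
    # client failure would leave the registry credentials in the secret store.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        client.add_app(app_def)
        shakedown.deployment_wait()

        common.assert_app_tasks_running(client, app_def)
    finally:
        # Remove the credential-bearing secret on success and on failure.
        common.delete_secret(secret_name)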
예제 #4
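def test_create_pod_with_private_image():
    """Deploys a pod with a private Docker image, using Mesos containerizer.

    Docker Hub credentials are read from the ``DOCKER_HUB_USERNAME`` and
    ``DOCKER_HUB_PASSWORD`` environment variables and stored as the
    ``pullconfig`` secret while the test runs. The secret is deleted again
    whether the deployment succeeds or not.
    """

    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    # A missing variable raises KeyError here, before anything is created.
    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "pullconfig"
    secret_value = json.dumps(
        common.create_docker_pull_config_json(username, password))

    pod_def = pods.private_docker_pod()
    pod_id = pod_def['id']

    # Build the client before the secret exists. Nothing that can fail may
    # stand between create_secret() and the try/finally below, otherwise an
    # unrelated setup error would leave the registry credentials behind in
    # the secret store.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        client.add_pod(pod_def)
        common.deployment_wait(timeout=timedelta(minutes=5).total_seconds(), service_id=pod_id)
        pod = client.show_pod(pod_id)
        assert pod is not None, "The pod has not been created"
    finally:
        # NOTE(review): only the secret is cleaned up here; the pod itself is
        # presumably removed by a teardown outside this function - confirm.
        common.delete_secret(secret_name)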
예제 #5
def test_pod_secret_env_var(secret_fixture):
    """Check that a pod receives a secret through an environment variable.

    The pod maps the secret named by the fixture to ``SECRET_ENV``, writes the
    variable into a sandbox file and serves that file over HTTP; the test
    fetches it from the master and compares it with the fixture's value.
    """
    # Secrets can only be created once the enterprise CLI is present.
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    secret_name, secret_value = secret_fixture
    pod_id = '/' + uuid.uuid4().hex

    # The command echoes the secret to stdout, appends it to a file under
    # $MESOS_SANDBOX and starts an HTTP server without authentication. That
    # exposure is the verification channel of this test, so the value must be
    # a throwaway one. NOTE(review): confirm the fixture never supplies a real
    # credential.
    container = {
        "name": "container-1",
        "resources": {"cpus": 0.1, "mem": 64},
        "endpoints": [{"name": "http", "hostPort": 0, "protocol": ["tcp"]}],
        "exec": {
            "command": {
                "shell": "echo $SECRET_ENV && echo $SECRET_ENV >> $MESOS_SANDBOX/secret-env && /opt/mesosphere/bin/python -m http.server $ENDPOINT_HTTP"
            }
        }
    }
    pod_def = {
        "id": pod_id,
        "containers": [container],
        "environment": {"SECRET_ENV": {"secret": "secret1"}},
        "networks": [{"mode": "host"}],
        "secrets": {"secret1": {"source": secret_name}}
    }

    client = marathon.create_client()
    client.add_pod(pod_def)
    shakedown.deployment_wait()

    running = client.show_pod(pod_id)['instances']
    assert len(running) == 1, 'Failed to start the secret environment variable pod'

    # Host and port come from the pod status reported by Marathon.
    first = running[0]
    port = first['containers'][0]['endpoints'][0]['allocatedHostPort']
    host = first['networks'][0]['addresses'][0]
    cmd = "curl {}:{}/secret-env".format(host, port)
    status, data = shakedown.run_command_on_master(cmd)

    # NOTE(review): the pod keeps serving the secret after the test ends;
    # removal is presumably done by a teardown outside this function - confirm.
    assert status, "{} did not succeed".format(cmd)
    assert data.rstrip() == secret_value
예제 #6
def test_private_repository_mesos_app():
    """Test a private Docker registry with the Mesos containerizer.

    The pull credentials are passed through the "config" field of the
    container's image, backed by the ``dockerPullConfig`` secret.
    """

    requires_marathon_version("1.5")
    cli_installed = common.is_enterprise_cli_package_installed()
    if not cli_installed:
        common.install_enterprise_cli_package()

    # A missing variable raises KeyError here, before anything is created.
    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "dockerPullConfig"
    pull_config = common.create_docker_pull_config_json(username, password)
    secret_value = json.dumps(pull_config)

    # The client is created first, so create_secret() is the last step before
    # the try/finally that guarantees the credentials are deleted again.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        app_def = common.private_mesos_container_app(secret_name)
        client.add_app(app_def)
        shakedown.deployment_wait()

        common.assert_app_tasks_running(client, app_def)
    finally:
        # Remove the credential-bearing secret on success and on failure.
        common.delete_secret(secret_name)
def test_pod_secret_env_var(secret_fixture):
    """Check that a pod receives a secret through an environment variable.

    The pod maps the secret named by the fixture to ``SECRET_ENV``, writes the
    variable into a sandbox file and serves that file over HTTP; the test
    fetches it from the master and compares it with the fixture's value.
    """
    # Secrets can only be created once the enterprise CLI is present.
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    secret_name, secret_value = secret_fixture
    pod_id = '/' + uuid.uuid4().hex

    # The command echoes the secret to stdout, appends it to a file under
    # $MESOS_SANDBOX and starts an HTTP server without authentication. That
    # exposure is the verification channel of this test, so the value must be
    # a throwaway one. NOTE(review): confirm the fixture never supplies a real
    # credential.
    http_endpoint = {"name": "http", "hostPort": 0, "protocol": ["tcp"]}
    container = {
        "name": "container-1",
        "resources": {"cpus": 0.1, "mem": 64},
        "endpoints": [http_endpoint],
        "exec": {
            "command": {
                "shell": "echo $SECRET_ENV && echo $SECRET_ENV >> $MESOS_SANDBOX/secret-env && /opt/mesosphere/bin/python -m http.server $ENDPOINT_HTTP"
            }
        }
    }
    pod_def = {
        "id": pod_id,
        "containers": [container],
        "environment": {"SECRET_ENV": {"secret": "secret1"}},
        "networks": [{"mode": "host"}],
        "secrets": {"secret1": {"source": secret_name}}
    }

    client = marathon.create_client()
    client.add_pod(pod_def)
    shakedown.deployment_wait()

    pod_instances = client.show_pod(pod_id)['instances']
    assert len(pod_instances) == 1, 'Failed to start the secret environment variable pod'

    # Host and port come from the pod status reported by Marathon.
    instance = pod_instances[0]
    port = instance['containers'][0]['endpoints'][0]['allocatedHostPort']
    host = instance['networks'][0]['addresses'][0]
    cmd = "curl {}:{}/secret-env".format(host, port)
    status, data = shakedown.run_command_on_master(cmd)

    # NOTE(review): the pod keeps serving the secret after the test ends;
    # removal is presumably done by a teardown outside this function - confirm.
    assert status, "{} did not succeed".format(cmd)
    assert data.rstrip() == secret_value
예제 #8
def secret_fixture():
    """Create a throwaway secret, yield its name and value, then delete it.

    Yields:
        A ``(secret_name, secret_value)`` tuple for the consuming test.
    """
    # NOTE(review): no fixture decorator is visible in this listing; the
    # function is presumably registered as a pytest fixture - confirm.
    cli_installed = common.is_enterprise_cli_package_installed()
    if not cli_installed:
        common.install_enterprise_cli_package()

    # Fixed dummy value: consuming tests read it back in clear text, so it
    # must never be replaced by a real credential.
    name, value = '/mysecret', 'super_secret_password'
    common.create_secret(name, value)
    yield name, value
    # Runs when the generator is resumed after the consumer is done.
    common.delete_secret(name)
예제 #9
def secret_fixture():
    """Provide a temporary secret to a test and remove it afterwards.

    Yields:
        A ``(secret_name, secret_value)`` tuple for the consuming test.
    """
    # NOTE(review): no fixture decorator is visible in this listing; the
    # function is presumably registered as a pytest fixture - confirm.
    if common.is_enterprise_cli_package_installed():
        pass
    else:
        common.install_enterprise_cli_package()

    # Fixed dummy value: consuming tests read it back in clear text, so it
    # must never be replaced by a real credential.
    secret = ('/mysecret', 'super_secret_password')
    common.create_secret(secret[0], secret[1])
    yield secret
    # Runs when the generator is resumed after the consumer is done.
    common.delete_secret(secret[0])
예제 #10
def test_app_secret_env_var(secret_fixture):
    """Check that an app receives a secret through an environment variable.

    The app maps the secret named by the fixture to ``SECRET_ENV``, writes the
    variable into a sandbox file and serves that file over HTTP; the test
    fetches it from the master and compares it with the fixture's value.
    """
    # Secrets can only be created once the enterprise CLI is present.
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    secret_name, secret_value = secret_fixture
    app_id = uuid.uuid4().hex

    # The command appends the secret to a file under $MESOS_SANDBOX and starts
    # an HTTP server without authentication. That exposure is the verification
    # channel of this test, so the value must be a throwaway one.
    # NOTE(review): confirm the fixture never supplies a real credential.
    api_port = {"port": 0, "protocol": "tcp", "name": "api", "labels": {}}
    app_def = {
        "id": app_id,
        "instances": 1,
        "cpus": 0.1,
        "mem": 64,
        "cmd": "echo $SECRET_ENV >> $MESOS_SANDBOX/secret-env && /opt/mesosphere/bin/python -m http.server $PORT_API",
        "env": {"SECRET_ENV": {"secret": "secret1"}},
        "portDefinitions": [api_port],
        "secrets": {"secret1": {"source": secret_name}}
    }

    client = marathon.create_client()
    client.add_app(app_def)
    shakedown.deployment_wait()

    app_tasks = client.get_tasks(app_id)
    assert len(app_tasks) == 1, 'Failed to start the secret environment variable app'

    # Host and port come from the task data reported by Marathon.
    task = app_tasks[0]
    port = task['ports'][0]
    host = task['host']
    cmd = "curl {}:{}/secret-env".format(host, port)
    status, data = shakedown.run_command_on_master(cmd)

    # NOTE(review): the app keeps serving the secret after the test ends;
    # removal is presumably done by a teardown outside this function - confirm.
    assert status, "{} did not succeed".format(cmd)
    assert data.rstrip() == secret_value
예제 #11
def test_create_pod_with_private_image():
    """Deploy a pod whose image is pulled with credentials held in a secret.

    Docker Hub credentials are read from the ``DOCKER_HUB_USERNAME`` and
    ``DOCKER_HUB_PASSWORD`` environment variables and stored as the
    ``dockerPullConfig`` secret while the test runs.
    """
    cli_installed = common.is_enterprise_cli_package_installed()
    if not cli_installed:
        common.install_enterprise_cli_package()

    # A missing variable raises KeyError here, before anything is created.
    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "dockerPullConfig"
    pull_config = common.create_docker_pull_config_json(username, password)
    secret_value = json.dumps(pull_config)

    # The client is created first, so create_secret() is the last step before
    # the try/finally that guarantees the credentials are deleted again.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        pod_def = common.private_docker_pod(secret_name)
        client.add_pod(pod_def)
        five_minutes = timedelta(minutes=5).total_seconds()
        shakedown.deployment_wait(timeout=five_minutes)
        pod = client.show_pod(pod_def["id"])
        assert pod is not None
    finally:
        # Remove the credential-bearing secret on success and on failure.
        common.delete_secret(secret_name)
예제 #12
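def test_private_repository_mesos_app():
    """Deploys an app with a private Docker image, using Mesos containerizer.

    Docker Hub credentials come from the ``DOCKER_HUB_USERNAME`` and
    ``DOCKER_HUB_PASSWORD`` environment variables and are stored as the
    ``pullConfig`` secret only while the test runs.
    """

    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    # A missing variable raises KeyError here, before anything is created.
    username = os.environ['DOCKER_HUB_USERNAME']
    password = os.environ['DOCKER_HUB_PASSWORD']

    secret_name = "pullConfig"
    secret_value = json.dumps(
        common.create_docker_pull_config_json(username, password))

    app_def = apps.private_ucr_docker_app()

    # Build the client before the secret exists, so that no fallible step sits
    # between create_secret() and the try/finally that deletes it. Otherwise a
    # client failure would leave the registry credentials in the secret store.
    client = marathon.create_client()
    common.create_secret(secret_name, secret_value)

    try:
        client.add_app(app_def)
        shakedown.deployment_wait()

        common.assert_app_tasks_running(client, app_def)
    finally:
        # Remove the credential-bearing secret on success and on failure.
        common.delete_secret(secret_name)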
def ensure_prerequisites_installed():
    """Install the enterprise CLI package if it is missing and verify it.

    Raises:
        AssertionError: if the package is still not reported as installed
            after the installation attempt.
    """
    already_installed = common.is_enterprise_cli_package_installed()
    if not already_installed:
        common.install_enterprise_cli_package()
    # Query again rather than trusting the install call to have succeeded.
    assert common.is_enterprise_cli_package_installed()
예제 #14
def install_enterprise_cli():
    """Install the enterprise CLI on a DC/OS EE cluster before all tests start.

    Does nothing when ``ee_version()`` returns ``None``.
    """
    if ee_version() is None:
        return
    common.install_enterprise_cli_package()
def test_pod_file_based_secret(secret_fixture):
    """Check that a pod can read a secret mounted as a file.

    The pod mounts the secret named by the fixture as a volume, copies its
    content into ``<name>_file`` and serves that file over HTTP; the test
    fetches it from the master and compares it with the fixture's value.
    """
    # Secrets can only be created once the enterprise CLI is present.
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    secret_name, secret_value = secret_fixture
    # Slashes are dropped so the name can be used as a plain file name.
    secret_normalized_name = secret_name.replace('/', '')

    pod_id = '/' + uuid.uuid4().hex

    # The command copies the secret into a second file and starts an HTTP
    # server without authentication. That exposure is the verification channel
    # of this test, so the value must be a throwaway one.
    # NOTE(review): confirm the fixture never supplies a real credential.
    container = {
        "name": "container-1",
        "resources": {"cpus": 0.1, "mem": 64},
        "endpoints": [{"name": "http", "hostPort": 0, "protocol": ["tcp"]}],
        "exec": {
            "command": {
                "shell": "cat {} >> {}_file && /opt/mesosphere/bin/python -m http.server $ENDPOINT_HTTP".format(secret_normalized_name, secret_normalized_name),
            }
        },
        "volumeMounts": [{"name": "vol", "mountPath": secret_name}],
    }
    pod_def = {
        "id": pod_id,
        "containers": [container],
        "networks": [{"mode": "host"}],
        "volumes": [{"name": "vol", "secret": "secret1"}],
        "secrets": {"secret1": {"source": secret_name}}
    }

    client = marathon.create_client()
    client.add_pod(pod_def)
    shakedown.deployment_wait()

    running = client.show_pod(pod_id)['instances']
    assert len(running) == 1, 'Failed to start the file based secret pod'

    # Host and port come from the pod status reported by Marathon.
    first = running[0]
    port = first['containers'][0]['endpoints'][0]['allocatedHostPort']
    host = first['networks'][0]['addresses'][0]
    cmd = "curl {}:{}/{}_file".format(host, port, secret_normalized_name)
    status, data = shakedown.run_command_on_master(cmd)

    # NOTE(review): the pod keeps serving the secret after the test ends;
    # removal is presumably done by a teardown outside this function - confirm.
    assert status, "{} did not succeed".format(cmd)
    assert data.rstrip() == secret_value
예제 #16
def install_enterprise_cli():
    """Install the enterprise CLI on a DC/OS EE cluster before all tests start.

    The package is installed only when ``ee_version()`` returns a value other
    than ``None``.
    """
    running_on_ee = ee_version() is not None
    if running_on_ee:
        common.install_enterprise_cli_package()
예제 #17
def test_pod_file_based_secret(secret_fixture):
    """Check that a pod can read a secret mounted as a file.

    The pod mounts the secret named by the fixture as a volume, copies its
    content into ``<name>_file`` and serves that file over HTTP; the test
    fetches it from the master and compares it with the fixture's value.
    """
    # Secrets can only be created once the enterprise CLI is present.
    if not common.is_enterprise_cli_package_installed():
        common.install_enterprise_cli_package()

    secret_name, secret_value = secret_fixture
    # Slashes are dropped so the name can be used as a plain file name.
    secret_normalized_name = secret_name.replace('/', '')

    pod_id = '/' + uuid.uuid4().hex

    # The command copies the secret into a second file and starts an HTTP
    # server without authentication. That exposure is the verification channel
    # of this test, so the value must be a throwaway one.
    # NOTE(review): confirm the fixture never supplies a real credential.
    shell_command = "cat {} >> {}_file && /opt/mesosphere/bin/python -m http.server $ENDPOINT_HTTP".format(secret_normalized_name, secret_normalized_name)
    http_endpoint = {"name": "http", "hostPort": 0, "protocol": ["tcp"]}
    container = {
        "name": "container-1",
        "resources": {"cpus": 0.1, "mem": 64},
        "endpoints": [http_endpoint],
        "exec": {"command": {"shell": shell_command}},
        "volumeMounts": [{"name": "vol", "mountPath": secret_name}],
    }
    pod_def = {
        "id": pod_id,
        "containers": [container],
        "networks": [{"mode": "host"}],
        "volumes": [{"name": "vol", "secret": "secret1"}],
        "secrets": {"secret1": {"source": secret_name}}
    }

    client = marathon.create_client()
    client.add_pod(pod_def)
    shakedown.deployment_wait()

    pod_instances = client.show_pod(pod_id)['instances']
    assert len(pod_instances) == 1, 'Failed to start the file based secret pod'

    # Host and port come from the pod status reported by Marathon.
    instance = pod_instances[0]
    port = instance['containers'][0]['endpoints'][0]['allocatedHostPort']
    host = instance['networks'][0]['addresses'][0]
    cmd = "curl {}:{}/{}_file".format(host, port, secret_normalized_name)
    status, data = shakedown.run_command_on_master(cmd)

    # NOTE(review): the pod keeps serving the secret after the test ends;
    # removal is presumably done by a teardown outside this function - confirm.
    assert status, "{} did not succeed".format(cmd)
    assert data.rstrip() == secret_value