예제 #1
0
    def test_list_of_config_value(self, container_registry_login_mock):
        registries = [
            ConfigValue({
                'uri': 'registry.redhat.io',
                'username': '******',
                'password': '******'
            }),
            ConfigValue({
                'uri': 'registry.internal.example.xyz',
                'username': '******',
                'password': '******'
            })
        ]

        container_registries_login(registries)

        calls = [
            call(container_registry_uri='registry.redhat.io',
                 container_registry_username='******',
                 container_registry_password='******',
                 container_registry_tls_verify=True,
                 containers_config_auth_file=None),
            call(container_registry_uri='registry.internal.example.xyz',
                 container_registry_username='******',
                 container_registry_password='******',
                 container_registry_tls_verify=True,
                 containers_config_auth_file=None)
        ]
        container_registry_login_mock.assert_has_calls(calls)
예제 #2
0
    def test_list_of_dicts_with_containers_config_auth_file(
            self, container_registry_login_mock):
        registries = [{
            'uri': 'registry.redhat.io',
            'username': '******',
            'password': '******'
        }, {
            'uri': 'registry.internal.example.xyz',
            'username': '******',
            'password': '******'
        }]

        container_registries_login(registries, '/tmp/mock/auth.json')

        calls = [
            call(container_registry_uri='registry.redhat.io',
                 container_registry_username='******',
                 container_registry_password='******',
                 container_registry_tls_verify=True,
                 containers_config_auth_file='/tmp/mock/auth.json'),
            call(container_registry_uri='registry.internal.example.xyz',
                 container_registry_username='******',
                 container_registry_password='******',
                 container_registry_tls_verify=True,
                 containers_config_auth_file='/tmp/mock/auth.json')
        ]
        container_registry_login_mock.assert_has_calls(calls)
예제 #3
0
    def test_dict_of_dicts_with_uri_keys(self, container_registry_login_mock):
        registries = {
            'redhat': {
                'uri': 'registry.redhat.io',
                'username': '******',
                'password': '******'
            },
            'internal': {
                'uri': 'registry.internal.example.xyz',
                'username': '******',
                'password': '******'
            }
        }

        container_registries_login(registries)

        calls = [
            call(container_registry_uri='registry.redhat.io',
                 container_registry_username='******',
                 container_registry_password='******',
                 container_registry_tls_verify=True,
                 containers_config_auth_file=None),
            call(container_registry_uri='registry.internal.example.xyz',
                 container_registry_username='******',
                 container_registry_password='******',
                 container_registry_tls_verify=True,
                 containers_config_auth_file=None)
        ]
        container_registry_login_mock.assert_has_calls(calls)
예제 #4
0
    def test_list_of_dicts_missing_username(self):
        registries = [{'uri': 'registry.redhat.io', 'password': '******'}]

        with self.assertRaisesRegex(
                AssertionError, r"Configuration for container registry "
                r"must specify a 'username': {'uri': 'registry.redhat.io', 'password': '******'}"
        ):
            container_registries_login(registries)
예제 #5
0
    def test_dict_of_dicts_missing_password(self):
        registries = {'registry.redhat.io': {'username': '******'}}

        with self.assertRaisesRegex(
                AssertionError,
                r"Configuration for container registry \(registry.redhat.io\) "
                r"must specify a 'password': {'username': '******'}"
        ):
            container_registries_login(registries)
예제 #6
0
    def _run_step(self):
        """Runs the TSSC step implemented by this StepImplementer.

        Returns
        -------
        dict
            Results of running this step.
        """
        image_version = "latest"
        if(self.get_step_results(DefaultSteps.GENERATE_METADATA) and \
          self.get_step_results(DefaultSteps.GENERATE_METADATA).get('container-image-version')):
            image_version = self.get_step_results(
                DefaultSteps.GENERATE_METADATA)['container-image-version']
        else:
            print('No version found in metadata. Using latest')
        image_version = image_version.lower()

        application_name = self.get_config_value('application-name')
        service_name = self.get_config_value('service-name')
        organization = self.get_config_value('organization')

        image_tar_file = ''
        if(self.get_step_results(DefaultSteps.CREATE_CONTAINER_IMAGE) and \
          self.get_step_results(DefaultSteps.CREATE_CONTAINER_IMAGE).get('image-tar-file')):
            image_tar_file = self.\
            get_step_results(DefaultSteps.CREATE_CONTAINER_IMAGE)['image-tar-file']
        else:
            raise RuntimeError('Missing image tar file from ' +
                               DefaultSteps.CREATE_CONTAINER_IMAGE)

        destination_url = self.get_config_value('destination-url')
        image_repository_uri = f"{destination_url}/{organization}/{application_name}-{service_name}"
        image_tag = f"{image_repository_uri}:{image_version}"

        try:
            # login to any provider container registries
            # NOTE: important to specify the auth file because depending on the context this is
            #       being run in python process may not have permissions to default location
            containers_config_auth_file = self.get_config_value(
                'containers-config-auth-file')
            container_registries_login(
                registries=self.get_config_value('container-registries'),
                containers_config_auth_file=containers_config_auth_file)

            # push image
            sh.skopeo.copy(  # pylint: disable=no-member
                f"--src-tls-verify={str(self.get_config_value('src-tls-verify'))}",
                f"--dest-tls-verify={str(self.get_config_value('dest-tls-verify'))}",
                f"--authfile={containers_config_auth_file}",
                'docker-archive:' + image_tar_file,
                'docker://' + image_tag,
                _out=sys.stdout,
                _err=sys.stderr,
                _tee='err')
        except sh.ErrorReturnCode as error:  # pylint: disable=undefined-variable
            raise RuntimeError('Error invoking skopeo: {error}'.format(
                error=error)) from error

        results = {
            'container-image-version': image_version,
            'container-image-uri': image_repository_uri,
            'container-image-tag': image_tag
        }

        return results
예제 #7
0
    def _run_step(self):
        """Runs the TSSC step implemented by this StepImplementer.

        Returns
        -------
        dict
            Results of running this step.
        """
        context = self.get_config_value('context')
        image_spec_file = self.get_config_value('imagespecfile')
        image_spec_file_location = context + '/' + image_spec_file
        application_name = self.get_config_value('application-name')
        service_name = self.get_config_value('service-name')

        if not os.path.exists(image_spec_file_location):
            raise ValueError(
                'Image specification file does not exist in location: ' +
                image_spec_file_location)

        if(self.get_step_results(DefaultSteps.GENERATE_METADATA) and \
          self.get_step_results(DefaultSteps.GENERATE_METADATA).get('image-tag')):
            image_tag_version = self.get_step_results(
                DefaultSteps.GENERATE_METADATA)['image-tag']
        else:
            image_tag_version = "latest"
            print('No image tag version found in metadata. Using latest')

        destination = "localhost/{application_name}/{service_name}".format(
            application_name=application_name, service_name=service_name)
        tag = "{destination}:{version}".format(destination=destination,
                                               version=image_tag_version)

        try:
            # login to any provider container registries
            # NOTE: important to specify the auth file because depending on the context this is
            #       being run in python process may not have permissions to default location
            containers_config_auth_file = self.get_config_value(
                'containers-config-auth-file')
            container_registries_login(
                registries=self.get_config_value('container-registries'),
                containers_config_auth_file=containers_config_auth_file)

            # perform build
            #
            # NOTE: using --storage-driver=vfs so that container does not need escalated privileges
            #       vfs is less efficient then fuse (which would require host mounts),
            #       but such is the price we pay for security.
            sh.buildah.bud(  # pylint: disable=no-member
                '--storage-driver=vfs',
                '--format=' + self.get_config_value('format'),
                '--tls-verify=' + str(self.get_config_value('tlsverify')),
                '--layers',
                '-f',
                image_spec_file,
                '-t',
                tag,
                '--authfile',
                containers_config_auth_file,
                context,
                _out=sys.stdout,
                _err=sys.stderr,
                _tee='err')
        except sh.ErrorReturnCode as error:  # pylint: disable=undefined-variable
            raise RuntimeError('Issue invoking buildah bud with given image '
                               'specification file (' + image_spec_file +
                               ')') from error

        image_tar_file = "image-{application_name}-{service_name}-{version}.tar".format(
            application_name=application_name,
            service_name=service_name,
            version=image_tag_version)

        try:
            # Check to see if the tar docker-archive file already exists
            #   this needs to be run as buildah does not support overwritting
            #   existing files.
            #
            # NOTE: using --storage-driver=vfs so that container does not need escalated privileges
            #       vfs is less efficient then fuse (which would require host mounts),
            #       but such is the price we pay for security.
            if os.path.exists(image_tar_file):
                os.remove(image_tar_file)
            sh.buildah.push(  #pylint: disable=no-member
                '--storage-driver=vfs',
                tag,
                "docker-archive:" + image_tar_file,
                _out=sys.stdout,
                _err=sys.stderr,
                _tee='err')
        except sh.ErrorReturnCode as error:  # pylint: disable=undefined-variable
            raise RuntimeError('Issue invoking buildah push to tar file ' +
                               image_tar_file) from error

        results = {'image-tag': tag, 'image-tar-file': image_tar_file}

        return results
예제 #8
0
    def test_registries_none(self, container_registry_login):
        registries = None

        container_registries_login(registries)

        container_registry_login.assert_not_called()