def test_list_of_config_value(self, container_registry_login_mock): registries = [ ConfigValue({ 'uri': 'registry.redhat.io', 'username': '******', 'password': '******' }), ConfigValue({ 'uri': 'registry.internal.example.xyz', 'username': '******', 'password': '******' }) ] container_registries_login(registries) calls = [ call(container_registry_uri='registry.redhat.io', container_registry_username='******', container_registry_password='******', container_registry_tls_verify=True, containers_config_auth_file=None), call(container_registry_uri='registry.internal.example.xyz', container_registry_username='******', container_registry_password='******', container_registry_tls_verify=True, containers_config_auth_file=None) ] container_registry_login_mock.assert_has_calls(calls)
def test_list_of_dicts_with_containers_config_auth_file( self, container_registry_login_mock): registries = [{ 'uri': 'registry.redhat.io', 'username': '******', 'password': '******' }, { 'uri': 'registry.internal.example.xyz', 'username': '******', 'password': '******' }] container_registries_login(registries, '/tmp/mock/auth.json') calls = [ call(container_registry_uri='registry.redhat.io', container_registry_username='******', container_registry_password='******', container_registry_tls_verify=True, containers_config_auth_file='/tmp/mock/auth.json'), call(container_registry_uri='registry.internal.example.xyz', container_registry_username='******', container_registry_password='******', container_registry_tls_verify=True, containers_config_auth_file='/tmp/mock/auth.json') ] container_registry_login_mock.assert_has_calls(calls)
def test_dict_of_dicts_with_uri_keys(self, container_registry_login_mock): registries = { 'redhat': { 'uri': 'registry.redhat.io', 'username': '******', 'password': '******' }, 'internal': { 'uri': 'registry.internal.example.xyz', 'username': '******', 'password': '******' } } container_registries_login(registries) calls = [ call(container_registry_uri='registry.redhat.io', container_registry_username='******', container_registry_password='******', container_registry_tls_verify=True, containers_config_auth_file=None), call(container_registry_uri='registry.internal.example.xyz', container_registry_username='******', container_registry_password='******', container_registry_tls_verify=True, containers_config_auth_file=None) ] container_registry_login_mock.assert_has_calls(calls)
def test_list_of_dicts_missing_username(self): registries = [{'uri': 'registry.redhat.io', 'password': '******'}] with self.assertRaisesRegex( AssertionError, r"Configuration for container registry " r"must specify a 'username': {'uri': 'registry.redhat.io', 'password': '******'}" ): container_registries_login(registries)
def test_dict_of_dicts_missing_password(self): registries = {'registry.redhat.io': {'username': '******'}} with self.assertRaisesRegex( AssertionError, r"Configuration for container registry \(registry.redhat.io\) " r"must specify a 'password': {'username': '******'}" ): container_registries_login(registries)
def _run_step(self): """Runs the TSSC step implemented by this StepImplementer. Returns ------- dict Results of running this step. """ image_version = "latest" if(self.get_step_results(DefaultSteps.GENERATE_METADATA) and \ self.get_step_results(DefaultSteps.GENERATE_METADATA).get('container-image-version')): image_version = self.get_step_results( DefaultSteps.GENERATE_METADATA)['container-image-version'] else: print('No version found in metadata. Using latest') image_version = image_version.lower() application_name = self.get_config_value('application-name') service_name = self.get_config_value('service-name') organization = self.get_config_value('organization') image_tar_file = '' if(self.get_step_results(DefaultSteps.CREATE_CONTAINER_IMAGE) and \ self.get_step_results(DefaultSteps.CREATE_CONTAINER_IMAGE).get('image-tar-file')): image_tar_file = self.\ get_step_results(DefaultSteps.CREATE_CONTAINER_IMAGE)['image-tar-file'] else: raise RuntimeError('Missing image tar file from ' + DefaultSteps.CREATE_CONTAINER_IMAGE) destination_url = self.get_config_value('destination-url') image_repository_uri = f"{destination_url}/{organization}/{application_name}-{service_name}" image_tag = f"{image_repository_uri}:{image_version}" try: # login to any provider container registries # NOTE: important to specify the auth file because depending on the context this is # being run in python process may not have permissions to default location containers_config_auth_file = self.get_config_value( 'containers-config-auth-file') container_registries_login( registries=self.get_config_value('container-registries'), containers_config_auth_file=containers_config_auth_file) # push image sh.skopeo.copy( # pylint: disable=no-member f"--src-tls-verify={str(self.get_config_value('src-tls-verify'))}", f"--dest-tls-verify={str(self.get_config_value('dest-tls-verify'))}", f"--authfile={containers_config_auth_file}", 'docker-archive:' + image_tar_file, 'docker://' + image_tag, _out=sys.stdout, _err=sys.stderr, _tee='err') except sh.ErrorReturnCode as error: # pylint: disable=undefined-variable raise RuntimeError('Error invoking skopeo: {error}'.format( error=error)) from error results = { 'container-image-version': image_version, 'container-image-uri': image_repository_uri, 'container-image-tag': image_tag } return results
def _run_step(self): """Runs the TSSC step implemented by this StepImplementer. Returns ------- dict Results of running this step. """ context = self.get_config_value('context') image_spec_file = self.get_config_value('imagespecfile') image_spec_file_location = context + '/' + image_spec_file application_name = self.get_config_value('application-name') service_name = self.get_config_value('service-name') if not os.path.exists(image_spec_file_location): raise ValueError( 'Image specification file does not exist in location: ' + image_spec_file_location) if(self.get_step_results(DefaultSteps.GENERATE_METADATA) and \ self.get_step_results(DefaultSteps.GENERATE_METADATA).get('image-tag')): image_tag_version = self.get_step_results( DefaultSteps.GENERATE_METADATA)['image-tag'] else: image_tag_version = "latest" print('No image tag version found in metadata. Using latest') destination = "localhost/{application_name}/{service_name}".format( application_name=application_name, service_name=service_name) tag = "{destination}:{version}".format(destination=destination, version=image_tag_version) try: # login to any provider container registries # NOTE: important to specify the auth file because depending on the context this is # being run in python process may not have permissions to default location containers_config_auth_file = self.get_config_value( 'containers-config-auth-file') container_registries_login( registries=self.get_config_value('container-registries'), containers_config_auth_file=containers_config_auth_file) # perform build # # NOTE: using --storage-driver=vfs so that container does not need escalated privileges # vfs is less efficient then fuse (which would require host mounts), # but such is the price we pay for security. sh.buildah.bud( # pylint: disable=no-member '--storage-driver=vfs', '--format=' + self.get_config_value('format'), '--tls-verify=' + str(self.get_config_value('tlsverify')), '--layers', '-f', image_spec_file, '-t', tag, '--authfile', containers_config_auth_file, context, _out=sys.stdout, _err=sys.stderr, _tee='err') except sh.ErrorReturnCode as error: # pylint: disable=undefined-variable raise RuntimeError('Issue invoking buildah bud with given image ' 'specification file (' + image_spec_file + ')') from error image_tar_file = "image-{application_name}-{service_name}-{version}.tar".format( application_name=application_name, service_name=service_name, version=image_tag_version) try: # Check to see if the tar docker-archive file already exists # this needs to be run as buildah does not support overwritting # existing files. # # NOTE: using --storage-driver=vfs so that container does not need escalated privileges # vfs is less efficient then fuse (which would require host mounts), # but such is the price we pay for security. if os.path.exists(image_tar_file): os.remove(image_tar_file) sh.buildah.push( #pylint: disable=no-member '--storage-driver=vfs', tag, "docker-archive:" + image_tar_file, _out=sys.stdout, _err=sys.stderr, _tee='err') except sh.ErrorReturnCode as error: # pylint: disable=undefined-variable raise RuntimeError('Issue invoking buildah push to tar file ' + image_tar_file) from error results = {'image-tag': tag, 'image-tar-file': image_tar_file} return results
def test_registries_none(self, container_registry_login): registries = None container_registries_login(registries) container_registry_login.assert_not_called()