def test_registry_session(tmpdir, registry, insecure, method,
responses_method):
temp_dir = mkdtemp(dir=str(tmpdir))
with open(os.path.join(temp_dir, '.dockercfg'), 'w+') as dockerconfig:
dockerconfig.write(
json.dumps({
registry_hostname(registry): {
'username': '******',
'password': '******'
}
}))
session = RegistrySession(registry,
insecure=insecure,
dockercfg_path=temp_dir)
path = '/v2/test/image/manifests/latest'
if registry.startswith('http'):
url = registry + path
elif insecure:
https_url = 'https://' + registry + path
responses.add(responses_method, https_url, body=ConnectionError())
url = 'http://' + registry + path
else:
url = 'https://' + registry + path
def request_callback(request, all_headers=True):
assert request.headers.get('Authorization') is not None
return (200, {}, 'A-OK')
responses.add_callback(responses_method, url, request_callback)
res = method(session, path)
assert res.text == 'A-OK'
def verify_v1_image(image, registry, log, insecure=False, dockercfg_path=None):
registry_session = RegistrySession(registry, insecure=insecure, dockercfg_path=dockercfg_path)
headers = {'Accept': MEDIA_TYPE_DOCKER_V1}
url = '/v1/repositories/{0}/tags/{1}'.format(image.get_repo(), image.tag)
log.debug("verify_v1_image: querying {0}, headers: {1}".format(url, headers))
response = registry_session.get(url, headers=headers)
for r in chain(response.history, [response]):
log.debug("verify_v1_image: [%s] %s", r.status_code, r.url)
log.debug("verify_v1_image: response headers: %s", response.headers)
response.raise_for_status()
# if we returned ok, then everything is fine.
return True
def test_get_built_images(workflow, manifest_version):
MockEnv(workflow).set_check_platforms_result(["ppc64le", "x86_64"])
workflow.data.tag_conf.add_unique_image(UNIQUE_IMAGE)
_, platform_digests = mock_registries(
[REGISTRY_V2],
{
"ppc64le": {REGISTRY_V2: ["namespace/httpd:2.4-ppc64le"]},
"x86_64": {REGISTRY_V2: ["namespace/httpd:2.4-x86_64"]},
},
schema_version=manifest_version,
)
ppc_digest = platform_digests["ppc64le"]["digests"][0]["digest"]
x86_digest = platform_digests["x86_64"]["digests"][0]["digest"]
flexmock(ManifestUtil).should_receive("__init__") # and do nothing, this test doesn't use it
plugin = GroupManifestsPlugin(workflow)
session = RegistrySession(REGISTRY_V2)
assert plugin.get_built_images(session) == [
BuiltImage(
pullspec=ImageName.parse(f"{UNIQUE_IMAGE}-ppc64le"),
platform="ppc64le",
manifest_digest=ppc_digest,
manifest_version=manifest_version,
),
BuiltImage(
pullspec=ImageName.parse(f"{UNIQUE_IMAGE}-x86_64"),
platform="x86_64",
manifest_digest=x86_digest,
manifest_version=manifest_version,
),
]
def verify_v1_image(image, registry, log, insecure=False, dockercfg_path=None):
registry_session = RegistrySession(registry, insecure=insecure, dockercfg_path=dockercfg_path)
headers = {'Accept': MEDIA_TYPE_DOCKER_V1}
url = '/v1/repositories/{0}/tags/{1}'.format(image.get_repo(), image.tag)
log.debug("verify_v1_image: querying {0}, headers: {1}".format(url, headers))
response = registry_session.get(url, headers=headers)
for r in chain(response.history, [response]):
log.debug("verify_v1_image: [%s] %s", r.status_code, r.url)
log.debug("verify_v1_image: response headers: %s", response.headers)
try:
response.raise_for_status()
return True
except Exception:
return False
def get_registry_session(self):
insecure = self.registry.get('insecure', False)
secret_path = self.registry.get('secret')
return RegistrySession(self.registry['uri'],
insecure=insecure,
dockercfg_path=secret_path,
access=('pull', 'push'))
def get_registry_session(self, registry):
registry_conf = self.registries[registry]
insecure = registry_conf.get('insecure', False)
secret_path = registry_conf.get('secret')
return RegistrySession(registry, insecure=insecure,
dockercfg_path=secret_path,
access=('pull', 'push'))
def _get_registry_client(self, registry):
"""
Get registry client for specified registry, cached by registry name
"""
client = self.registry_clients.get(registry)
if client is None:
session = RegistrySession.create_from_config(self.workflow.conf, registry=registry)
client = RegistryClient(session)
self.registry_clients[registry] = client
return client
def run(self):
deleted_digests = set()
worker_digests = self.get_worker_digests()
for registry, registry_conf in self.registries.items():
registry_noschema = registry_hostname(registry)
push_conf_registry = self.find_registry(registry_noschema,
self.workflow)
try:
insecure = registry_conf['insecure']
except KeyError:
# 'insecure' didn't used to be set in the registry config passed to this
# plugin - it would simply be inherited from the push_conf. To handle
# orchestrated builds, we need to have it configured for this plugin,
# but, if not set, check in the push_conf for compat.
if push_conf_registry:
insecure = push_conf_registry.insecure
else:
insecure = False
secret_path = registry_conf.get('secret')
session = RegistrySession(registry,
insecure=insecure,
dockercfg_path=secret_path)
# orchestrator builds use worker_digests
orchestrator_delete = self.handle_worker_digests(
session, worker_digests, deleted_digests)
if not push_conf_registry:
# only warn if we're not running in the orchestrator
if not orchestrator_delete:
self.log.warning(
"requested deleting image from %s but we haven't pushed there",
registry_noschema)
continue
# worker node and manifests use push_conf_registry
if self.handle_registry(session, push_conf_registry,
deleted_digests):
# delete these temp registries
self.workflow.push_conf.remove_docker_registry(
push_conf_registry)
return deleted_digests
def test_get_built_images_multiple_manifest_types(workflow):
MockEnv(workflow).set_check_platforms_result(["x86_64"])
workflow.data.tag_conf.add_unique_image(UNIQUE_IMAGE)
flexmock(ManifestUtil).should_receive("__init__") # and do nothing, this test doesn't use it
(
flexmock(RegistryClient)
.should_receive("get_manifest_digests")
.with_args(ImageName.parse(f"{UNIQUE_IMAGE}-x86_64"), versions=("v2", "oci"))
.and_return(ManifestDigest({"v2": make_digest("foo"), "oci": make_digest("bar")}))
)
plugin = GroupManifestsPlugin(workflow)
session = RegistrySession(REGISTRY_V2)
expect_error = (
f"Expected to find a single manifest digest for {UNIQUE_IMAGE}-x86_64, "
"but found multiple: {'v2': .*, 'oci': .*}"
)
with pytest.raises(RuntimeError, match=expect_error):
plugin.get_built_images(session)