def test_resolve_registry_and_auth(self):
auth_config = {
'https://index.docker.io/v1/': {'auth': 'indexuser'},
'my.registry.net': {'auth': 'privateuser'},
}
# library image
image = 'image'
self.assertEqual(
resolve_authconfig(auth_config, resolve_repository_name(image)[0]),
{'auth': 'indexuser'},
)
# docker hub image
image = 'username/image'
self.assertEqual(
resolve_authconfig(auth_config, resolve_repository_name(image)[0]),
{'auth': 'indexuser'},
)
# private registry
image = 'my.registry.net/image'
self.assertEqual(
resolve_authconfig(auth_config, resolve_repository_name(image)[0]),
{'auth': 'privateuser'},
)
# unauthenticated registry
image = 'other.registry.net/image'
self.assertEqual(
resolve_authconfig(auth_config, resolve_repository_name(image)[0]),
None,
)
def test_resolve_repository_name(self):
# docker hub library image
self.assertEqual(resolve_repository_name("image"), ("index.docker.io", "image"))
# docker hub image
self.assertEqual(resolve_repository_name("username/image"), ("index.docker.io", "username/image"))
# private registry
self.assertEqual(resolve_repository_name("my.registry.net/image"), ("my.registry.net", "image"))
# private registry with port
self.assertEqual(resolve_repository_name("my.registry.net:5000/image"), ("my.registry.net:5000", "image"))
# private registry with username
self.assertEqual(
resolve_repository_name("my.registry.net/username/image"), ("my.registry.net", "username/image")
)
# no dots but port
self.assertEqual(resolve_repository_name("hostname:5000/image"), ("hostname:5000", "image"))
# no dots but port and username
self.assertEqual(resolve_repository_name("hostname:5000/username/image"), ("hostname:5000", "username/image"))
# localhost
self.assertEqual(resolve_repository_name("localhost/image"), ("localhost", "image"))
# localhost with username
self.assertEqual(resolve_repository_name("localhost/username/image"), ("localhost", "username/image"))
def test_resolve_repository_name(self):
# docker hub library image
self.assertEqual(
resolve_repository_name('image'),
('index.docker.io', 'image'),
)
# docker hub image
self.assertEqual(
resolve_repository_name('username/image'),
('index.docker.io', 'username/image'),
)
# private registry
self.assertEqual(
resolve_repository_name('my.registry.net/image'),
('my.registry.net', 'image'),
)
# private registry with port
self.assertEqual(
resolve_repository_name('my.registry.net:5000/image'),
('my.registry.net:5000', 'image'),
)
# private registry with username
self.assertEqual(
resolve_repository_name('my.registry.net/username/image'),
('my.registry.net', 'username/image'),
)
# no dots but port
self.assertEqual(
resolve_repository_name('hostname:5000/image'),
('hostname:5000', 'image'),
)
# no dots but port and username
self.assertEqual(
resolve_repository_name('hostname:5000/username/image'),
('hostname:5000', 'username/image'),
)
# localhost
self.assertEqual(
resolve_repository_name('localhost/image'),
('localhost', 'image'),
)
# localhost with username
self.assertEqual(
resolve_repository_name('localhost/username/image'),
('localhost', 'username/image'),
)
def find_image(self, name, tag):
'''
Lookup an image and return the inspection results.
'''
if not name:
return None
self.log("Find image %s:%s" % (name, tag))
images = self._image_lookup(name, tag)
if len(images) == 0:
# In API <= 1.20 seeing 'docker.io/<name>' as the name of images pulled from docker hub
registry, repo_name = auth.resolve_repository_name(name)
if registry == 'docker.io':
# the name does not contain a registry, so let's see if docker.io works
lookup = "docker.io/%s" % name
self.log("Check for docker.io image: %s" % lookup)
images = self._image_lookup(lookup, tag)
if len(images) > 1:
self.fail("Registry returned more than one result for %s:%s" % (name, tag))
if len(images) == 1:
try:
inspection = self.inspect_image(images[0]['Id'])
except Exception, exc:
self.fail("Error inspecting image %s:%s - %s" % (name, tag, str(exc)))
return inspection
def pull(self, repository, tag=None, stream=False):
registry, repo_name = auth.resolve_repository_name(repository)
if repo_name.count(":") == 1:
repository, tag = repository.rsplit(":", 1)
params = {
'tag': tag,
'fromImage': repository
}
headers = {}
if utils.compare_version('1.5', self._version) >= 0:
if getattr(self, '_cfg', None) is None:
self._cfg = auth.load_config()
authcfg = auth.resolve_authconfig(self._cfg, registry)
# do not fail if no atuhentication exists
# for this specific registry as we can have a readonly pull
if authcfg:
headers['X-Registry-Auth'] = auth.encode_header(authcfg)
u = self._url("/images/create")
response = self._post(u, params=params, headers=headers, stream=stream,
timeout=None)
if stream:
return self._stream_helper(response)
else:
return self._result(response)
def test_resolve_registry_and_auth_hub_image(self):
image = 'username/image'
self.assertEqual(
auth.resolve_authconfig(
self.auth_config, auth.resolve_repository_name(image)[0]
)['username'],
'indexuser',
)
def test_resolve_registry_and_auth_explicit_legacy_hub(self):
image = 'index.docker.io/username/image'
self.assertEqual(
auth.resolve_authconfig(
self.auth_config, auth.resolve_repository_name(image)[0]
)['username'],
'indexuser',
)
def test_resolve_registry_and_auth_private_registry(self):
image = 'my.registry.net/image'
self.assertEqual(
auth.resolve_authconfig(
self.auth_config, auth.resolve_repository_name(image)[0]
)['username'],
'privateuser',
)
def test_resolve_registry_and_auth_unauthenticated_registry(self):
image = 'other.registry.net/image'
self.assertEqual(
auth.resolve_authconfig(
self.auth_config, auth.resolve_repository_name(image)[0]
),
None,
)
def test_resolve_registry_and_auth_library_image(self):
image = 'image'
self.assertEqual(
auth.resolve_authconfig(
self.auth_config, auth.resolve_repository_name(image)[0]
),
{'auth': 'indexuser'},
)
def test_resolve_registry_and_auth(self):
auth_config = {"https://index.docker.io/v1/": {"auth": "indexuser"}, "my.registry.net": {"auth": "privateuser"}}
# library image
image = "image"
self.assertEqual(resolve_authconfig(auth_config, resolve_repository_name(image)[0]), {"auth": "indexuser"})
# docker hub image
image = "username/image"
self.assertEqual(resolve_authconfig(auth_config, resolve_repository_name(image)[0]), {"auth": "indexuser"})
# private registry
image = "my.registry.net/image"
self.assertEqual(resolve_authconfig(auth_config, resolve_repository_name(image)[0]), {"auth": "privateuser"})
# unauthenticated registry
image = "other.registry.net/image"
self.assertEqual(resolve_authconfig(auth_config, resolve_repository_name(image)[0]), None)
def test_resolve_repository_name(self):
self.assertEqual(resolve_repository_name("root"),
(INDEX_URL, "root"))
self.assertEqual(resolve_repository_name("root:tag"),
(INDEX_URL, "root:tag"))
self.assertEqual(resolve_repository_name("root:tag.minor"),
(INDEX_URL, "root:tag.minor"))
self.assertEqual(resolve_repository_name("user/repo"),
(INDEX_URL, "user/repo"))
self.assertEqual(resolve_repository_name("user/repo:tag"),
(INDEX_URL, "user/repo:tag"))
self.assertEqual(resolve_repository_name("localhost:5000/user/repo"),
("http://localhost:5000/v1/", "user/repo"))
self.assertEqual(resolve_repository_name("localhost:5000/user/repo:tag"),
("http://localhost:5000/v1/", "user/repo:tag"))
self.assertEqual(resolve_repository_name("domain.name:5000/user/repo"),
("http://domain.name:5000/v1/", "user/repo"))
self.assertEqual(resolve_repository_name("domain.name:5000/user/repo:tag"),
("http://domain.name:5000/v1/", "user/repo:tag"))
def push(self, repository):
registry, repo_name = auth.resolve_repository_name(repository)
u = self._url("/images/{0}/push".format(repository))
headers = {}
if getattr(self, '_cfg', None) is None:
self._cfg = auth.load_config()
authcfg = auth.resolve_authconfig(self._cfg, registry)
if utils.compare_version('1.5', self._version) >= 0:
# do not fail if no atuhentication exists
# for this specific registry as we can have an anon push
if authcfg:
headers['X-Registry-Auth'] = auth.encode_header(authcfg)
return self._result(self._post_json(u, None, headers=headers))
return self._result(self._post_json(u, authcfg))
def push(self, repository, authcfg=None):
registry, _ = auth.resolve_repository_name(repository)
u = self._url("/images/{0}/push".format(repository))
headers = {}
if authcfg is None:
if getattr(self, '_cfg', None) is None:
self._cfg = auth.load_config()
authcfg = auth.resolve_authconfig(self._cfg, registry)
if utils.compare_version('1.5', self._version) >= 0:
# do not fail if no atuhentication exists
# for this specific registry as we can have an anon push
if authcfg:
headers['X-Registry-Auth'] = auth.encode_header(authcfg)
response = self._post_json(u, None, headers=headers,
stream=True)
else:
response = self._post_json(u, authcfg, stream=True)
response.raise_for_status()
return response.iter_content(1)
def push(self, repository, stream=False):
registry, repo_name = auth.resolve_repository_name(repository)
u = self._url("/images/{0}/push".format(repository))
headers = {}
if getattr(self, "_cfg", None) is None:
self._cfg = auth.load_config()
authcfg = auth.resolve_authconfig(self._cfg, registry)
if utils.compare_version("1.5", self._version) >= 0:
# do not fail if no atuhentication exists
# for this specific registry as we can have an anon push
if authcfg:
headers["X-Registry-Auth"] = auth.encode_header(authcfg)
if stream:
return self._stream_helper(self._post_json(u, None, headers=headers, stream=True))
else:
return self._result(self._post_json(u, None, headers=headers, stream=False))
if stream:
return self._stream_helper(self._post_json(u, authcfg, stream=True))
else:
return self._result(self._post_json(u, authcfg, stream=False))
def push_image(self, name, tag=None):
'''
If the name of the image contains a repository path, then push the image.
:param name Name of the image to push.
:param tag Use a specific tag.
:return: None
'''
repository = name
if not tag:
repository, tag = parse_repository_tag(name)
registry, repo_name = resolve_repository_name(repository)
self.log("push %s to %s/%s:%s" % (self.name, registry, repo_name, tag))
if registry:
self.results['actions'].append("Pushed image %s to %s/%s:%s" % (self.name, registry, repo_name, tag))
self.results['changed'] = True
if not self.check_mode:
status = None
try:
for line in self.client.push(repository, tag=tag, stream=True, decode=True):
self.log(line, pretty_print=True)
if line.get('errorDetail'):
raise Exception(line['errorDetail']['message'])
status = line.get('status')
except Exception as exc:
if re.search('unauthorized', str(exc)):
if re.search('authentication required', str(exc)):
self.fail("Error pushing image %s/%s:%s - %s. Try logging into %s first." %
(registry, repo_name, tag, str(exc), registry))
else:
self.fail("Error pushing image %s/%s:%s - %s. Does the repository exist?" %
(registry, repo_name, tag, str(exc)))
self.fail("Error pushing image %s: %s" % (repository, str(exc)))
self.results['image'] = self.client.find_image(name=repository, tag=tag)
if not self.results['image']:
self.results['image'] = dict()
self.results['image']['push_status'] = status
def push_image(self, name, tag=None):
'''
Push an image to a repository.
:param name - name of the image to push. Type: str
:param tag - use a specific tag. Type: str
:return: None
'''
repository = name
if not tag:
repository, tag = utils.parse_repository_tag(name)
registry, repo_name = auth.resolve_repository_name(repository)
if registry:
config = auth.load_config()
if not auth.resolve_authconfig(config, registry):
self.fail("Error: configuration for %s not found. Try logging into %s first." % registry)
try:
self.log("pushing image %s" % (repository))
status = None
if not self.check_mode:
self.results['actions'].append("Pushed image %s to %s:%s" % (self.name, self.repository, self.tag))
for line in self.client.push(repository, tag=tag, stream=True):
response = json.loads(line)
self.log(response, pretty_print=True)
if response.get('errorDetail'):
# there was an error
raise Exception(response['errorDetail']['message'])
status = response.get('status')
self.results['changed'] = True
image = self.client.find_image(name=repository, tag=tag)
if image:
self.results['image'] = image
self.results['image']['push_status'] = status
except Exception, exc:
if re.search(r'unauthorized', str(exc)):
self.fail("Error pushing image %s: %s. Does the repository exist?" % (repository, str(exc)))
self.fail("Error pushing image %s: %s" % (repository, str(exc)))
def test_resolve_repository_name_no_dots_but_port_and_username(self):
self.assertEqual(
auth.resolve_repository_name('hostname:5000/username/image'),
('hostname:5000', 'username/image'),
)
def test_resolve_repository_name_localhost(self):
self.assertEqual(
auth.resolve_repository_name('localhost/image'),
('localhost', 'image'),
)
def test_resolve_repository_name_private_registry_with_username(self):
assert auth.resolve_repository_name(
'my.registry.net/username/image') == ('my.registry.net',
'username/image')
def parse_id(cls, name):
reg_repo, tag = parse_repository_tag(name)
reg, repo = resolve_repository_name(reg_repo)
return reg, repo, tag
def test_resolve_repository_name_dotted_hub_library_image(self):
self.assertEqual(
auth.resolve_repository_name('image.valid'),
('docker.io', 'image.valid')
)
def test_resolve_repository_name_private_registry(self):
assert auth.resolve_repository_name('my.registry.net/image') == (
'my.registry.net', 'image'
)
def test_resolve_repository_name_hub_image(self):
self.assertEqual(
auth.resolve_repository_name('username/image'),
('index.docker.io', 'username/image'),
)
def test_resolve_registry_and_auth_explicit_hub(self):
image = 'docker.io/username/image'
assert auth.resolve_authconfig(
self.auth_config, auth.resolve_repository_name(image)[0]
)['username'] == 'indexuser'
def test_resolve_repository_name_hub_image(self):
assert auth.resolve_repository_name('username/image') == (
'docker.io', 'username/image'
)
def test_resolve_repository_name_private_registry(self):
assert auth.resolve_repository_name('my.registry.net/image') == (
'my.registry.net', 'image')
def test_resolve_repository_name_localhost(self):
assert auth.resolve_repository_name('localhost/image') == ('localhost',
'image')
def test_resolve_repository_name_no_dots_but_port_and_username(self):
assert auth.resolve_repository_name(
'hostname:5000/username/image') == ('hostname:5000',
'username/image')
def test_resolve_repository_name_private_registry_with_username(self):
self.assertEqual(
auth.resolve_repository_name('my.registry.net/username/image'),
('my.registry.net', 'username/image'),
)
def test_resolve_repository_name_private_registry_with_username(self):
assert auth.resolve_repository_name(
'my.registry.net/username/image'
) == ('my.registry.net', 'username/image')
def test_resolve_repository_name_private_registry_with_port(self):
self.assertEqual(
auth.resolve_repository_name('my.registry.net:5000/image'),
('my.registry.net:5000', 'image'),
)
def test_resolve_repository_name_localhost(self):
assert auth.resolve_repository_name('localhost/image') == (
'localhost', 'image'
)
def test_explicit_hub_index_library_image(self):
self.assertEqual(
auth.resolve_repository_name('docker.io/image'),
('docker.io', 'image')
)
def test_invalid_index_name(self):
with pytest.raises(errors.InvalidRepository):
auth.resolve_repository_name('-gecko.com/image')
def test_invalid_index_name(self):
self.assertRaises(
errors.InvalidRepository,
lambda: auth.resolve_repository_name('-gecko.com/image')
)
def test_resolve_repository_name_localhost_with_username(self):
self.assertEqual(
auth.resolve_repository_name('localhost/username/image'),
('localhost', 'username/image'),
)
def test_resolve_repository_name_localhost(self):
self.assertEqual(
auth.resolve_repository_name('localhost/image'),
('localhost', 'image'),
)
def test_explicit_legacy_hub_index_library_image(self):
assert auth.resolve_repository_name('index.docker.io/image') == (
'docker.io', 'image')
def test_resolve_repository_name_localhost_with_username(self):
assert auth.resolve_repository_name('localhost/username/image') == (
'localhost', 'username/image')
def test_resolve_repository_name_private_registry_with_port(self):
assert auth.resolve_repository_name('my.registry.net:5000/image') == (
'my.registry.net:5000', 'image')
def test_resolve_registry_and_auth_library_image(self):
image = 'image'
assert auth.resolve_authconfig(
self.auth_config, auth.resolve_repository_name(image)[0]
)['username'] == 'indexuser'
def test_invalid_index_name(self):
with pytest.raises(errors.InvalidRepository):
auth.resolve_repository_name('-gecko.com/image')
def test_resolve_repository_name_dotted_hub_library_image(self):
assert auth.resolve_repository_name('image.valid') == (
'docker.io', 'image.valid'
)
def test_resolve_registry_and_auth_hub_image(self):
image = 'username/image'
assert auth.resolve_authconfig(
self.auth_config,
auth.resolve_repository_name(image)[0])['username'] == 'indexuser'
def test_explicit_legacy_hub_index_library_image(self):
assert auth.resolve_repository_name('index.docker.io/image') == (
'docker.io', 'image'
)
def test_resolve_registry_and_auth_explicit_legacy_hub(self):
image = 'index.docker.io/username/image'
assert auth.resolve_authconfig(
self.auth_config,
auth.resolve_repository_name(image)[0])['username'] == 'indexuser'
def test_resolve_repository_name_private_registry_with_port(self):
assert auth.resolve_repository_name('my.registry.net:5000/image') == (
'my.registry.net:5000', 'image'
)
def test_resolve_registry_and_auth_private_registry(self):
image = 'my.registry.net/image'
assert auth.resolve_authconfig(self.auth_config,
auth.resolve_repository_name(image)
[0])['username'] == 'privateuser'
def test_resolve_repository_name_no_dots_but_port_and_username(self):
assert auth.resolve_repository_name(
'hostname:5000/username/image'
) == ('hostname:5000', 'username/image')
def test_resolve_registry_and_auth_unauthenticated_registry(self):
image = 'other.registry.net/image'
assert auth.resolve_authconfig(
self.auth_config,
auth.resolve_repository_name(image)[0]) is None
def test_resolve_repository_name_localhost_with_username(self):
assert auth.resolve_repository_name('localhost/username/image') == (
'localhost', 'username/image'
)
def test_resolve_repository_name_dotted_hub_library_image(self):
assert auth.resolve_repository_name('image.valid') == ('docker.io',
'image.valid')
def test_resolve_repository_name_hub_image(self):
assert auth.resolve_repository_name('username/image') == (
'docker.io', 'username/image')
def parse_image_name(image):
repository, tag = docker_utils.parse_repository_tag(image)
registry, name = docker_auth.resolve_repository_name(repository)
if registry == docker_auth.INDEX_NAME:
registry = ''
return registry, name, tag
