def test_layer_exists(registry_v2_image_source: RegistryV2ImageSource,
image: str):
"""Test layer existence."""
image_name = ImageName.parse(image)
layer = registry_v2_image_source.get_manifest(image_name).get_layers()[-1]
assert registry_v2_image_source.layer_exists(image_name, layer)
assert not registry_v2_image_source.layer_exists(image_name,
FormattedSHA256("0" * 64))
def test_get_image_layer_to_disk(
registry_v2_image_source: RegistryV2ImageSource, image: str):
"""Test layer retrieval to disk."""
image_name = ImageName.parse(image)
config_digest = registry_v2_image_source.get_manifest(
image_name).get_config_digest()
temp = tempfile.NamedTemporaryFile()
result = registry_v2_image_source.get_image_layer_to_disk(
image_name, config_digest, temp)
assert result["digest"] == config_digest
def test__get_request_headers(
request,
registry_v2_image_source: RegistryV2ImageSource,
image: str,
expected_credentials: str,
):
"""Test request headers retrieval."""
registry_v2_image_source.credentials_store = get_test_data_path(
request, "credentials_store.json")
image_name = ImageName.parse(image)
headers = registry_v2_image_source._get_request_headers(image_name)
assert headers
assert expected_credentials in headers["Authorization"]
def registry(context: Context, images: List[ImageName]):
"""Operates on docker registries (v2)."""
ctx = get_context_object(context)
ctx["images"] = images
ctx["imagesource"] = RegistryV2ImageSource()
verify(context)
def test_get_manifest(registry_v2_image_source: RegistryV2ImageSource,
image: str):
"""Test manifest retrieval."""
image_name = ImageName.parse(image)
manifest = registry_v2_image_source.get_manifest(image_name)
assert manifest
assert isinstance(manifest, RegistryV2Manifest)
def registry(context: Context, src_image_name: ImageName, dest_image_name: ImageName):
"""Operates on docker registries (v2)."""
ctx = get_context_object(context)
ctx["src_image_name"] = src_image_name
ctx["dest_image_name"] = dest_image_name
ctx["imagesource"] = RegistryV2ImageSource(dry_run=ctx["dry_run"])
copy(context)
def registry(context, src_image_name: ImageName, dest_image_name: ImageName):
"""Operates on docker registries (v2)."""
context.obj["src_image_name"] = src_image_name
context.obj["dest_image_name"] = dest_image_name
context.obj["imagesource"] = RegistryV2ImageSource(
dry_run=context.obj["dry_run"])
copy(context)
def test_get_iamge_config(registry_v2_image_source: RegistryV2ImageSource,
image: str):
"""Test image configuration retrieval."""
image_name = ImageName.parse(image)
config = registry_v2_image_source.get_image_config(image_name)
assert config
assert isinstance(config, ImageConfig)
def test_unsign_image_same_image_source(
registry_v2_image_source: RegistryV2ImageSource, image: str):
"""Test image unsigning."""
src_image_name = ImageName.parse(image)
dest_image_name = copy.deepcopy(src_image_name)
dest_image_name.tag = "{0}_unsigned".format(dest_image_name.tag)
def assertions(result: dict):
assert result
image_config = result["image_config"]
assert image_config
assert "FAKE SIGNATURE" not in str(image_config)
verify_image_data = result["verify_image_data"]
assert verify_image_data
assert image_config == verify_image_data["image_config"]
manifest = verify_image_data["manifest"]
assert manifest
manifest_unsigned = result["manifest_unsigned"]
assert manifest_unsigned
assert manifest_unsigned.get_config_digest(
) == image_config.get_config_digest()
assert len(manifest_unsigned.get_layers()) == len(
image_config.get_image_layers())
# 1. Pre signature
assertions(
registry_v2_image_source.unsign_image(src_image_name,
registry_v2_image_source,
dest_image_name))
# Sign
registry_v2_image_source.sign_image(FakeSigner(), src_image_name,
registry_v2_image_source,
dest_image_name)
# 2. Post signature
assertions(
registry_v2_image_source.unsign_image(src_image_name,
registry_v2_image_source,
dest_image_name))
def test__get_credentials(
request,
registry_v2_image_source: RegistryV2ImageSource,
endpoint: str,
expected_username: str,
expected_password: str,
):
"""Test credentials retrieval."""
registry_v2_image_source.credentials_store = get_test_data_path(
request, "credentials_store.json")
credentials = registry_v2_image_source._get_credentials(endpoint)
assert credentials
decoded = base64.decodebytes(credentials.encode("utf-8")).decode("utf-8")
assert decoded
actual_username, actual_password = decoded.split(":")
assert actual_username == expected_username
assert actual_password == expected_password
async def registry_v2_image_source(
credentials_store_path: Path,
docker_registry_secure: DockerRegistrySecure,
replicate_manifest_lists,
) -> RegistryV2ImageSource:
# pylint: disable=unused-argument
"""Provides a RegistryV2ImageSource instance."""
# Do not use caching; get a new instance for each test
async with RegistryV2ImageSource(
credentials_store=credentials_store_path,
ssl=docker_registry_secure.ssl_context) as registry_v2_image_source:
credentials = docker_registry_secure.auth_header[
"Authorization"].split()[1]
await registry_v2_image_source.docker_registry_client_async.add_credentials(
docker_registry_secure.endpoint, credentials)
yield registry_v2_image_source
def registry(
context,
keyid: str,
keypass: str,
sigtype: str,
src_image_name: ImageName,
dest_image_name: ImageName,
):
"""Operates on docker registries (v2)."""
context.obj["keyid"] = keyid
context.obj["keypass"] = keypass
context.obj["sigtype"] = sigtype
context.obj["src_image_name"] = src_image_name
context.obj["dest_image_name"] = dest_image_name
context.obj["imagesource"] = RegistryV2ImageSource(
dry_run=context.obj["dry_run"])
sign(context)
def test_verify_image_integrity(
registry_v2_image_source: RegistryV2ImageSource, image: str):
"""Test image unsigning."""
image_name = ImageName.parse(image)
def assertions(result: dict):
assert result
image_config = result["image_config"]
assert image_config
manifest = result["manifest"]
assert manifest
assert len(result["compressed_layer_files"]) == len(
result["uncompressed_layer_files"])
# 1. Unsigned
assertions(registry_v2_image_source.verify_image_integrity(image_name))
def registry_v2_image_source() -> RegistryV2ImageSource:
"""Provides a RegistryV2ImageSource instance."""
# Do not use caching; get a new instance for each test
return RegistryV2ImageSource(dry_run=True)
def registry_v2_image_source():
# Do not use caching; get a new instance for each test
return RegistryV2ImageSource(dry_run=True)
def registry(context, images: List):
"""Operates on docker registries (v2)."""
context.obj["images"] = images
context.obj["imagesource"] = RegistryV2ImageSource()
verify(context)
async def registry_v2_image_source() -> RegistryV2ImageSource:
"""Provides a RegistryV2ImageSource instance."""
# Do not use caching; get a new instance for each test
# Implicitly tests __aenter__(), __aexit__(), and close()
async with RegistryV2ImageSource() as registry_v2_image_source:
yield registry_v2_image_source
