def test_parse(image_data: TypingGetTestData):
"""Test initialization via parsed strings."""
image_name = ImageName.parse(image_data["string"])
assert image_name.digest == image_data["digest"]
assert image_name.endpoint == image_data["endpoint"]
assert image_name.image == image_data["image"]
assert image_name.tag == image_data["tag"]
with pytest.raises(ValueError) as exception:
ImageName.parse("a:b:c:d")
assert str(exception.value).startswith("Unable to parse string:")
def test_parse_string(image_data: TypingGetTestData):
"""Test string parsing for complex image names."""
result = ImageName._parse_string(image_data["string"])
assert result["digest"] == image_data["digest"]
assert result["endpoint"] == image_data["endpoint"]
assert result["image"] == image_data["image"]
assert result["tag"] == image_data["tag"]
def test_docker_registry_insecure_list(
docker_registry_insecure_list: List[DockerRegistryInsecure], pdrf_scale_factor: int
):
"""Test that an insecure docker registry can be instantiated without images."""
for i in range(pdrf_scale_factor):
assert "127.0.0.1" in docker_registry_insecure_list[i].endpoint
# Should be there from session level import of 'push_image' decorator on 'test_docker_registry_secure_images'
image_name = ImageName.parse("busybox:1.30.1")
# Version
response = requests.head(
f"http://{docker_registry_insecure_list[i].endpoint}/v2/"
)
assert response.status_code == 200
if i > 0:
continue
# Tag list
response = requests.get(
f"http://{docker_registry_insecure_list[i].endpoint}/v2/{image_name.image}/tags/list"
)
assert response.status_code == 200
assert image_name.tag in response.json()["tags"]
# Manifest
response = requests.head(
f"http://{docker_registry_insecure_list[i].endpoint}/v2/{image_name.image}/manifests/{image_name.tag}"
)
assert response.status_code == 200
assert "Docker-Content-Digest" in response.headers
assert no_duplicates([str(i) for i in docker_registry_insecure_list])
def test___init__(image_data: TypingGetTestData):
"""Test that image name can be instantiated."""
assert ImageName(
digest=image_data["digest"],
endpoint=image_data["endpoint"],
image=image_data["image"],
tag=image_data["tag"],
)
def test_docker_registry_secure_list(
docker_registry_secure_list: List[DockerRegistrySecure],
pdrf_scale_factor: int,
request,
):
"""Test that an secure docker registry can be instantiated with images."""
for i in range(pdrf_scale_factor):
assert "127.0.0.1" in docker_registry_secure_list[i].endpoint
image_name = ImageName.parse(get_pushed_images(request)[0])
# Version
response = requests.head(
f"https://{docker_registry_secure_list[i].endpoint}/v2/",
headers=docker_registry_secure_list[i].auth_header,
verify=str(docker_registry_secure_list[i].cacerts),
)
assert response.status_code == 200
if i < 1:
# Tag list
response = requests.get(
f"https://{docker_registry_secure_list[i].endpoint}/v2/{image_name.image}/tags/list",
headers=docker_registry_secure_list[i].auth_header,
verify=str(docker_registry_secure_list[i].cacerts),
)
assert response.status_code == 200
assert image_name.tag in response.json()["tags"]
# Manifest
response = requests.head(
f"https://{docker_registry_secure_list[i].endpoint}/v2/{image_name.image}/manifests/{image_name.tag}",
headers=docker_registry_secure_list[i].auth_header,
verify=str(docker_registry_secure_list[i].cacerts),
)
assert response.status_code == 200
assert "Docker-Content-Digest" in response.headers
# Error: Unauthenticated
response = requests.head(
f"https://{docker_registry_secure_list[i].endpoint}/v2/",
verify=str(docker_registry_secure_list[i].cacerts),
)
assert response.status_code == 401
# Error: CA not trusted
with pytest.raises(SSLError) as exc_info:
requests.head(
f"https://{docker_registry_secure_list[i].endpoint}/v2/",
headers=docker_registry_secure_list[i].auth_header,
)
assert "CERTIFICATE_VERIFY_FAILED" in str(exc_info.value)
assert no_duplicates([str(i) for i in docker_registry_secure_list])
def test_replicate_image(docker_registry_secure: DockerRegistrySecure,
image: str):
"""Tests that images can be replicated."""
image_name = ImageName.parse(image)
replicate_image(
docker_registry_secure.docker_client,
image_name,
docker_registry_secure.endpoint,
)
media_type = "application/vnd.docker.distribution.manifest.v2+json"
https_connection = HTTPSConnection(
context=docker_registry_secure.ssl_context,
host=docker_registry_secure.endpoint)
if image_name.digest:
https_connection.request(
"GET",
url=f"/v2/{image_name.image}/manifests/{image_name.digest}",
headers={
"Accept": media_type,
**docker_registry_secure.auth_header
},
)
verify_http_response(https_connection, image_name, media_type)
if image_name.tag:
# TODO: Fixgure out why HTTPSConnection cannot perform multiple requests ?!?
https_connection = HTTPSConnection(
context=docker_registry_secure.ssl_context,
host=docker_registry_secure.endpoint,
)
https_connection.request(
"GET",
url=f"/v2/{image_name.image}/manifests/{image_name.tag}",
headers={
"Accept": media_type,
**docker_registry_secure.auth_header
},
)
verify_http_response(https_connection, image_name, media_type)
def get_test_data() -> Generator[TypingGetTestData, None, None]:
"""Dynamically initializes test data."""
for endpoint in ["endpoint.io", "endpoint:port", None]:
for image in [
"image", "ns0/image", "ns0/ns1/image", "ns0/ns1/ns2/image"
]:
for tag in ["tag", None]:
for digest in ["sha256:ABCD1234", None]:
# Construct a complex string ...
string = image
if tag:
string = f"{string}:{tag}"
if digest:
string = f"{string}@{digest}"
if endpoint:
string = f"{endpoint}/{string}"
yield {
"digest": digest,
"endpoint": endpoint,
"image": image,
"object": ImageName.parse(string),
"string": string,
"tag": tag,
}
def test_docker_registry_insecure(docker_registry_insecure: DockerRegistryInsecure):
"""Test that an insecure docker registry can be instantiated without images."""
assert "127.0.0.1" in docker_registry_insecure.endpoint
# Should be there from session level import of 'push_image' decorator on 'test_docker_registry_secure_images'
image_name = ImageName.parse("busybox:1.30.1")
# Version
response = requests.head(f"http://{docker_registry_insecure.endpoint}/v2/")
assert response.status_code == 200
# Tag list
response = requests.get(
f"http://{docker_registry_insecure.endpoint}/v2/{image_name.image}/tags/list"
)
assert response.status_code == 200
assert image_name.tag in response.json()["tags"]
# Manifest
response = requests.head(
f"http://{docker_registry_insecure.endpoint}/v2/{image_name.image}/manifests/{image_name.tag}"
)
assert response.status_code == 200
assert "Docker-Content-Digest" in response.headers
def test_replicate_manifest_list(docker_registry_secure: DockerRegistrySecure,
manifest_list: str):
"""Tests that manifest lists can be replicated."""
image_name = ImageName.parse(manifest_list)
# Try to retrieve credentials first ...
auth_header_src = get_auth_headers(docker_registry_secure, image_name)
if not auth_header_src:
pytest.skip("Unable to retrieve credentials for: %s",
image_name.endpoint)
# Replicate all of the manifests referenced in the manifest list ...
for image in [
"library/busybox@sha256:4fe8827f51a5e11bb83afa8227cbccb402df840d32c6b633b7ad079bc8144100",
"library/busybox@sha256:abc043b5132f825e44eefffc35535b1f24bd3f1bb60b11943863563a46795fdc",
"library/busybox@sha256:07717dd5f074de0cf4f7ca8f635cb63aef63d789f15a22ab482a3d27a0a1f881",
"library/busybox@sha256:8dfe92e22300734a185375b6316d01aa1a2b0623d425a5e6e406771ba5642bf1",
"library/busybox@sha256:3bdba83255bf7c575e31e129b2ddf1c0c32382e112cb051af6c5143c24a5ddbd",
"library/busybox@sha256:bb87f507b42a6efe6f1d5382c826f914673a065f4d777b54b52f5414d688837a",
"library/busybox@sha256:a09f03056efb5d3facb5077a9e58e83e9bba74ad4d343b2afa92c70b5ae01e2b",
"library/busybox@sha256:0b671b6a323d86aa6165883f698b557ca257c3a3ffa1e3152ffb6467e7ac11b3",
]:
img_name = ImageName.parse(image)
replicate_image(
docker_registry_secure.docker_client,
img_name,
docker_registry_secure.endpoint,
)
# Replicate the manifest list ...
replicate_manifest_list(
image_name,
docker_registry_secure.endpoint,
auth_header_dest=docker_registry_secure.auth_header,
auth_header_src=auth_header_src,
ssl_context_dest=docker_registry_secure.ssl_context,
)
media_type = "application/vnd.docker.distribution.manifest.list.v2+json"
https_connection = HTTPSConnection(
context=docker_registry_secure.ssl_context,
host=docker_registry_secure.endpoint)
if image_name.digest:
https_connection.request(
"GET",
url=f"/v2/{image_name.image}/manifests/{image_name.digest}",
headers={
"Accept": media_type,
**docker_registry_secure.auth_header
},
)
verify_http_response(https_connection, image_name, media_type)
if image_name.tag:
# TODO: Figure out why HTTPSConnection cannot perform multiple requests ?!?
https_connection = HTTPSConnection(
context=docker_registry_secure.ssl_context,
host=docker_registry_secure.endpoint,
)
https_connection.request(
"GET",
url=f"/v2/{image_name.image}/manifests/{image_name.tag}",
headers={
"Accept": media_type,
**docker_registry_secure.auth_header
},
)
verify_http_response(https_connection, image_name, media_type)