示例#1
    def pull_image(self, image, remote_image_obj, **kwargs):
        """Pull an image into the local docker daemon.

        An ``image`` that starts with ``dockertar:`` is loaded from that
        local path through ``self.d.load_image`` and nothing is fetched.
        Otherwise ``remote_image_obj.fq_name`` is copied with skopeo into a
        ``docker-daemon:`` destination, using the policy file of a freshly
        created ``Trust`` object.

        :param image: image name, or ``dockertar:<path>`` for a local tarball
        :param remote_image_obj: ``Image`` instance describing the remote image
        :param kwargs: optional ``debug`` flag forwarded to skopeo
        :return: 0
        :raises util.ImageAlreadyExists: if ``already_has_image`` reports that
            the local copy matches the remote one
        """
        # NOTE(review): assert statements are removed under ``python -O``, so
        # this type check disappears in optimised runs; an explicit raise
        # would keep it.
        assert isinstance(remote_image_obj, Image)
        verbose = kwargs.get('debug', False)

        tar_prefix = "dockertar:"
        if image.startswith(tar_prefix):
            # NOTE(review): this branch returns before any Trust policy is
            # consulted, and the path is used exactly as the caller gave it.
            # Confirm that only trusted paths can reach this method.
            tar_path = image.replace(tar_prefix, "", 1)
            with open(tar_path, 'rb') as tarball:
                self.d.load_image(data=tarball)
            return 0

        fq_name = remote_image_obj.fq_name
        existing = self.has_image(image)
        if existing is not None and self.already_has_image(existing, remote_image_obj):
            raise util.ImageAlreadyExists(image)

        registry, _, _, tag, _ = util.Decompose(fq_name).all

        # Build the destination name; only the destination is rewritten, the
        # skopeo source below keeps fq_name untouched.
        destination = "docker-daemon:{}".format(fq_name)
        if not destination.endswith(tag):
            destination = "{}:{}".format(destination, tag)
        destination = destination.replace("@sha256:", ":")

        # The insecure flag follows the daemon's own registry configuration.
        # NOTE(review): presumably this relaxes transport checks in skopeo;
        # confirm against util.skopeo_copy.
        registry_config = self.d.info()['RegistryConfig']
        insecure = bool(util.is_insecure_registry(registry_config,
                                                  util.strip_port(registry)))

        trust = Trust()
        trust.discover_sigstore(fq_name)
        util.write_out("Pulling {} ...".format(fq_name))
        util.skopeo_copy("docker://{}".format(fq_name),
                         destination,
                         debug=verbose,
                         insecure=insecure,
                         policy_filename=trust.policy_filename)
        return 0
示例#2
 def TrustDelete(self, registry, sigstoretype):
     """Delete the trust entry for ``registry`` through ``Trust.delete()``.

     A new argument object from ``self.Args()`` carries ``sigstoretype`` and
     ``registry`` to the ``Trust`` instance.
     """
     # NOTE(review): no authorisation check is visible in this method;
     # presumably the layer that exposes it restricts who may change trust
     # policy - confirm.
     trust_handler = Trust()
     request = self.Args()
     for field, value in (("sigstoretype", sigstoretype),
                          ("registry", registry)):
         setattr(request, field, value)
     trust_handler.set_args(request)
     trust_handler.delete()
示例#3
    def pull_image(self, image, remote_image_obj, **kwargs):
        """
        Pull an image into containers-storage with skopeo.

        :param image: image reference to pull; the tag taken from
            ``remote_image_obj.fq_name`` is appended when missing
        :param remote_image_obj: object whose ``fq_name`` supplies the
            registry and tag
        :param kwargs: optional ``debug`` flag forwarded to skopeo
        :return: 0
        """
        verbose = kwargs.get('debug', False)
        fq_name = remote_image_obj.fq_name
        registry, _, _, tag, _ = util.Decompose(fq_name).all

        reference = image if image.endswith(tag) else "{}:{}".format(image, tag)
        # NOTE(review): the rewritten reference is used for the docker://
        # source as well as the destination, so a digest reference appears to
        # be requested as a tag. Confirm that content pinning is not lost.
        reference = reference.replace("@sha256:", ":")

        # NOTE(review): the registry is compared exactly as Decompose returned
        # it; whether it can carry a port is not visible here. Confirm that
        # the entries in insecure_registries use the same form.
        registries_config = util.load_registries_from_yaml()
        insecure = ("insecure_registries" in registries_config
                    and registry in registries_config['insecure_registries'])

        source = "docker://{}".format(reference)
        dest = "containers-storage:{}".format(reference)

        # The policy file handed to skopeo is the one held by the Trust object.
        trust = Trust()
        trust.discover_sigstore(fq_name)
        util.write_out("Pulling {} ...".format(fq_name))
        util.skopeo_copy(source, dest, debug=verbose, insecure=insecure,
                         policy_filename=trust.policy_filename)
        return 0
示例#4
 def test_trust_gpg_email_id(self):
     """Check the id that ``Trust.get_gpg_id()`` reports for ``args.pubkeys``."""
     args = self.Args()
     policy_path = os.path.join(FIXTURE_DIR, "show_policy.json")
     trust = Trust(policy_filename=policy_path)
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     trust.atomic_config = util.get_atomic_config(atomic_config=config_path)
     trust.set_args(args)
     # NOTE(review): the expected literal looks like an address masked by the
     # page hosting this snippet; confirm the real value against the fixture
     # key before relying on this assertion.
     reported_id = trust.get_gpg_id(args.pubkeys)
     self.assertEqual("*****@*****.**", reported_id)
示例#5
 def TrustAdd(self, registry, trusttype, pubkeys, keytype, sigstore, sigstoretype):
     """Add a trust entry for ``registry`` through ``Trust.add()``.

     Every parameter is copied onto a new argument object from
     ``self.Args()``; ``trusttype`` is stored as ``trust_type``.
     """
     # NOTE(review): the values are passed on unchanged and no authorisation
     # check is visible here; presumably validation and access control live
     # in Trust.add() or in the layer exposing this method - confirm.
     trust_handler = Trust()
     request = self.Args()
     assignments = (
         ("registry", registry),
         ("pubkeys", pubkeys),
         ("keytype", keytype),
         ("trust_type", trusttype),
         ("sigstoretype", sigstoretype),
         ("sigstore", sigstore),
     )
     for field, value in assignments:
         setattr(request, field, value)
     trust_handler.set_args(request)
     trust_handler.add()
示例#6
 def test_trust_show(self):
     """``Trust.show()`` output must equal the ``show_policy.output`` fixture."""
     args = self.Args()
     policy_path = os.path.join(FIXTURE_DIR, "show_policy.json")
     trust = Trust(policy_filename=policy_path)
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     trust.atomic_config = util.get_atomic_config(atomic_config=config_path)
     trust.set_args(args)

     # Capture what show() prints so it can be compared as a whole.
     with self.captured_output() as (captured, _):
         trust.show()

     expected_path = os.path.join(FIXTURE_DIR, "show_policy.output")
     with open(expected_path, 'r') as fixture:
         expected = fixture.read()
     self.assertEqual(expected, captured.getvalue())
示例#7
 def test_add_trust_keys(self):
     """``Trust.add()`` must record ``key1.pub`` as keyPath for docker.io.

     The policy file is read back from disk and the first ``docker.io``
     entry under the ``atomic`` transport is inspected.
     """
     args = self.Args()
     args.sigstore = None
     trust = Trust(policy_filename=TEST_POLICY)
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     trust.atomic_config = util.get_atomic_config(atomic_config=config_path)
     trust.set_args(args)
     trust.add()

     with open(trust.policy_filename, 'r') as policy_file:
         policy = json.load(policy_file)
     first_entry = policy["transports"]["atomic"]["docker.io"][0]
     self.assertEqual(first_entry["keyPath"],
                      os.path.join(FIXTURE_DIR, "key1.pub"))
示例#8
 def test_delete_trust(self):
     """``Trust.delete()`` must drop the registry from the docker transport.

     The policy file is read back from disk and the registry key must no
     longer appear under ``transports.docker``.
     """
     args = self.Args()
     # pubkeys is assigned twice; the value in effect for the test is None.
     args.pubkeys = []
     args.sigstoretype = "web"
     args.registry = "registry.example.com/foo"
     args.pubkeys = None

     trust = Trust(policy_filename=TEST_POLICY)
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     trust.atomic_config = util.get_atomic_config(atomic_config=config_path)
     trust.set_args(args)
     trust.delete()

     with open(trust.policy_filename, 'r') as policy_file:
         policy = json.load(policy_file)
     self.assertNotIn(args.registry, policy["transports"]["docker"])
示例#9
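 def test_update_registry_sigstore(self):
     """``modify_registry_config()`` must rewrite docker.io's registries.d file.

     After the call, ``etc/containers/registries.d/docker.io.yaml`` under
     the fixture directory is parsed and compared with the expected
     ``configs/docker.io.updated.yaml`` fixture.
     """
     testobj = Trust(policy_filename=TEST_POLICY)
     testobj.atomic_config = util.get_atomic_config(
         atomic_config=os.path.join(FIXTURE_DIR, "atomic.conf"))
     testobj.modify_registry_config("docker.io", "docker",
                                    "https://sigstore.example.com/update")

     # yaml.safe_load builds only plain YAML types. yaml.load() without a
     # Loader argument is deprecated since PyYAML 5.1 and is rejected by
     # PyYAML 6, and its full loader can construct arbitrary Python objects.
     expected_path = os.path.join(FIXTURE_DIR,
                                  "configs/docker.io.updated.yaml")
     with open(expected_path, 'r') as f:
         conf_expected = yaml.safe_load(f)

     modified_path = os.path.join(
         FIXTURE_DIR, "etc/containers/registries.d/docker.io.yaml")
     with open(modified_path, 'r') as f:
         conf_modified = yaml.safe_load(f)

     self.assertEqual(conf_expected, conf_modified)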
示例#10
 def test_add_reject_type(self):
     """``Trust.add()`` with trust type ``reject`` must be written to the policy.

     The first entry stored for the registry under the ``docker`` transport
     must carry the requested type.
     """
     args = self.Args()
     args.trust_type = "reject"
     args.sigstoretype = "web"
     args.pubkeys = []
     args.registry = "registry.example.com/foo"

     trust = Trust(policy_filename=TEST_POLICY)
     config_path = os.path.join(FIXTURE_DIR, "atomic.conf")
     trust.atomic_config = util.get_atomic_config(atomic_config=config_path)
     trust.set_args(args)
     trust.add()

     with open(trust.policy_filename, 'r') as policy_file:
         policy = json.load(policy_file)
     stored_type = policy["transports"]["docker"][args.registry][0]["type"]
     self.assertEqual(stored_type, args.trust_type)
示例#11
 def test_setup_default_policy(self):
     """``check_policy()`` must add an empty ``docker`` transport section.

     The ``default_policy.json`` fixture is passed through
     ``check_policy(policy, "docker")`` and compared with the expected
     structure.
     """
     args = self.Args()
     args.sigstoretype = "web"
     trust = Trust()
     trust.set_args(args)

     fixture_path = os.path.join(FIXTURE_DIR, "default_policy.json")
     with open(fixture_path, 'r') as default:
         loaded_policy = json.load(default)
     checked_policy = trust.check_policy(loaded_policy, "docker")

     # The expected default is "insecureAcceptAnything": with this policy an
     # image is accepted without signature verification unless a more
     # specific transport entry is added.
     policy_expected = {
         "default": [{"type": "insecureAcceptAnything"}],
         "transports": {"docker": {}},
     }
     self.assertEqual(checked_policy, policy_expected)
示例#12
    def pull_image(self, image, pull_args):
        """Copy ``image`` from its registry into the docker daemon with skopeo.

        The source transport is fixed to ``docker://``. The original comments
        plan an ``atomic:`` transport, selected when ``self.args.reg_type``
        is ``"atomic"``, once the atomic registry is incorporated.

        :param image: image name, also used for the ``docker-daemon:`` target
        :param pull_args: argument object providing ``debug`` and
            ``policy_filename``
        """
        remote = self._make_remote_image(image)
        fq_name = remote.fq_name

        # The insecure flag follows the daemon's own registry configuration.
        registry_config = self.d.info()['RegistryConfig']
        registry_host = util.strip_port(remote.registry)
        insecure = bool(util.is_insecure_registry(registry_config,
                                                  registry_host))

        # Original note: this needs to be re-enabled with Aaron's help.
        # NOTE(review): skopeo receives pull_args.policy_filename, not the
        # Trust object's policy_filename. Confirm that the two agree, so the
        # sigstore discovered here matches the policy that is enforced.
        trust = Trust()
        trust.set_args(pull_args)
        trust.discover_sigstore(fq_name)

        util.write_out("Pulling {} ...".format(fq_name))
        source = "docker://{}".format(fq_name)
        destination = "docker-daemon:{}".format(image)
        util.skopeo_copy(source, destination,
                         debug=pull_args.debug,
                         insecure=insecure,
                         policy_filename=pull_args.policy_filename)
示例#13
 def test_sigstoretype_map_local(self):
     """The sigstore type ``"local"`` must map to ``"dir"``."""
     mapped = Trust().get_sigstore_type_map("local")
     self.assertEqual(mapped, "dir")
示例#14
 def test_sigstoretype_map_web(self):
     """The sigstore type ``"web"`` must map to ``"docker"``."""
     mapped = Trust().get_sigstore_type_map("web")
     self.assertEqual(mapped, "docker")
示例#15
 def TrustDefaultPolicy(self, default_policy):
     """Set the default trust policy and return ``Trust.modify_default()``'s result.

     ``default_policy`` is stored on a new argument object from
     ``self.Args()`` and handed to the ``Trust`` instance unchanged.
     """
     # NOTE(review): the default policy decides how images without a
     # registry-specific entry are treated, and the value is passed on as
     # given. Presumably validation and access control happen in
     # modify_default() or in the layer exposing this method - confirm.
     trust_handler = Trust()
     request = self.Args()
     request.default_policy = default_policy
     trust_handler.set_args(request)
     outcome = trust_handler.modify_default()
     return outcome
示例#16
 def TrustShow(self):
     """Return the result of ``Trust.show_json()`` serialised as a JSON string."""
     trust_handler = Trust()
     trust_handler.set_args(self.Args())
     policy_view = trust_handler.show_json()
     return json.dumps(policy_view)