""" Unit tests for the Deis registry app. Run the tests with "./manage.py test registry" """ import unittest from unittest import mock from django.conf import settings from rest_framework.exceptions import PermissionDenied from registry import publish_release, get_port, RegistryException from registry.dockerclient import DockerClient @mock.patch('docker.Client') class DockerClientTest(unittest.TestCase): """Test that the client makes appropriate Docker engine API calls.""" def setUp(self): settings.REGISTRY_HOST, settings.REGISTRY_PORT = 'localhost', 5000 def test_get_port(self, mock_client): self.client = DockerClient() # Make sure login is not called when there are no creds get_port('ozzy/embryo:git-f2a8020', False) self.assertFalse(self.client.client.login.called) creds = { 'username': 'fake', 'password': 'fake', 'email': 'fake', 'registry': 'quay.io' } client = {} client['Status'] = 'Login Succeeded' self.client.client.login.return_value = client get_port('ozzy/embryo:git-f2a8020', False, creds) self.assertTrue(self.client.client.login.called) self.assertTrue(self.client.client.pull.called) self.assertTrue(self.client.client.inspect_image.called) def test_publish_release(self, mock_client): self.client = DockerClient() # Make sure login is not called when there are no creds publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False) self.assertFalse(self.client.client.login.called) creds = { 'username': 'fake', 'password': 'fake', 'email': 'fake', 'registry': 'quay.io' } client = {} client['Status'] = 'Login Succeeded' self.client.client.login.return_value = client publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', False, creds) self.assertTrue(self.client.client.login.called) self.assertTrue(self.client.client.pull.called) self.assertTrue(self.client.client.tag.called) self.assertTrue(self.client.client.push.called) publish_release('ozzy/embryo:git-f2a8020', 'ozzy/embryo:v4', True) self.assertTrue(self.client.client.pull.called) self.assertTrue(self.client.client.tag.called) self.assertTrue(self.client.client.push.called) # Test that a registry host prefix is replaced with deis-registry for the target publish_release('ozzy/embryo:git-f2a8020', 'quay.io/ozzy/embryo:v4', True) docker_push = self.client.client.push docker_push.assert_called_with( 'localhost:5000/ozzy/embryo', tag='v4', decode=True, stream=True ) # Test that blacklisted image names can't be published with self.assertRaises(PermissionDenied): publish_release( 'deis/controller:v1.11.1', 'deis/controller:v1.11.1', True) with self.assertRaises(PermissionDenied): publish_release( 'localhost:5000/deis/controller:v1.11.1', 'deis/controller:v1.11.1', True) def test_login(self, mock_client): self.client = DockerClient() # success client = {} client['Status'] = 'Login Succeeded' self.client.client.login.return_value = client creds = { 'username': 'fake', 'password': 'fake', 'email': 'fake', 'registry': 'quay.io' } self.client.login('quay.io/deis/foobar', creds) docker_login = self.client.client.login docker_login.assert_called_with( username='fake', password='fake', email='fake', registry='quay.io' ) # username matches client = {} client['username'] = 'fake' self.client.client.login.return_value = client creds = { 'username': 'fake', 'password': 'fake', 'email': 'fake', 'registry': 'quay.io' } self.client.login('quay.io/deis/foobar', creds) docker_login = self.client.client.login docker_login.assert_called_with( username='fake', password='fake', email='fake', registry='quay.io' ) def test_login_failed(self, mock_client): self.client = DockerClient() # failed login client = {} client['Status'] = 'Login Failed' self.client.client.login.return_value = client creds = { 'username': 'fake', 'password': 'fake', 'email': 'fake', 'registry': 'quay.io' } with self.assertRaises(PermissionDenied): self.client.login('quay.io/deis/foobar', creds) docker_login = self.client.client.login docker_login.assert_called_with( username='fake', password='fake', email='fake', registry='quay.io' ) def test_login_bad_creds(self, mock_client): self.client = DockerClient() # missing parts of credentials with self.assertRaises(PermissionDenied): creds = { 'username': 'fake', 'email': 'fake', 'registry': 'quay.io' } self.client.login('quay.io/deis/foobar', creds) # bad credentials with self.assertRaises(PermissionDenied): creds = { 'username': 'fake', 'password': 'fake', 'email': 'fake', 'registry': 'quay.io' } self.client.login('quay.io/deis/foobar', creds) def test_pull(self, mock_client): self.client = DockerClient() self.client.pull('alpine', '3.2') docker_pull = self.client.client.pull docker_pull.assert_called_once_with('alpine', tag='3.2', decode=True, stream=True) # Test that blacklisted image names can't be pulled with self.assertRaises(PermissionDenied): self.client.pull('deis/controller', 'v1.11.1') with self.assertRaises(PermissionDenied): self.client.pull('localhost:5000/deis/controller', 'v1.11.1') def test_push(self, mock_client): self.client = DockerClient() self.client.push('ozzy/embryo', 'v4') docker_push = self.client.client.push docker_push.assert_called_once_with('ozzy/embryo', tag='v4', decode=True, stream=True) def test_tag(self, mock_client): self.client = DockerClient() self.client.tag('ozzy/embryo:git-f2a8020', 'ozzy/embryo', 'v4') docker_tag = self.client.client.tag docker_tag.assert_called_once_with( 'ozzy/embryo:git-f2a8020', 'ozzy/embryo', tag='v4', force=True) # fake failed tag self.client.client.tag.return_value = False with self.assertRaises(RegistryException): self.client.tag('foo/bar:latest', 'foo/bar', 'v1.11.1') # Test that blacklisted image names can't be tagged with self.assertRaises(PermissionDenied): self.client.tag('deis/controller:v1.11.1', 'deis/controller', 'v1.11.1') with self.assertRaises(PermissionDenied): self.client.tag('localhost:5000/deis/controller:v1.11.1', 'deis/controller', 'v1.11.1')