2015-05-26 16:00:05 +00:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
'''
|
2017-02-12 00:22:14 +00:00
|
|
|
Unit tests for the docker module
|
2015-05-26 16:00:05 +00:00
|
|
|
'''
|
|
|
|
|
|
|
|
|
|
# Import Python Libs
|
|
|
|
|
from __future__ import absolute_import
|
|
|
|
|
|
|
|
|
|
# Import Salt Testing Libs
|
2017-03-21 23:56:24 +00:00
|
|
|
from tests.support.mixins import LoaderModuleMockMixin
|
2017-02-27 13:58:07 +00:00
|
|
|
from tests.support.unit import skipIf, TestCase
|
|
|
|
|
from tests.support.mock import (
|
2015-05-26 16:00:05 +00:00
|
|
|
MagicMock,
|
|
|
|
|
Mock,
|
|
|
|
|
NO_MOCK,
|
|
|
|
|
NO_MOCK_REASON,
|
|
|
|
|
patch
|
|
|
|
|
)
|
2016-08-17 13:37:14 +00:00
|
|
|
|
2015-05-26 16:00:05 +00:00
|
|
|
# Import Salt Libs
|
2017-09-05 14:11:11 +00:00
|
|
|
import salt.config
|
|
|
|
|
import salt.loader
|
2016-09-01 17:01:39 +00:00
|
|
|
from salt.ext.six.moves import range
|
2017-03-13 20:34:28 +00:00
|
|
|
from salt.exceptions import CommandExecutionError
|
2017-03-23 20:33:56 +00:00
|
|
|
import salt.modules.dockermod as docker_mod
|
2015-05-26 16:00:05 +00:00
|
|
|
|
|
|
|
|
|
2015-09-28 17:53:10 +00:00
|
|
|
def _docker_py_version():
|
Fix a weird import issue
```
ImportError: Failed to import test module: unit.modules.docker_test
Traceback (most recent call last):
File "/usr/lib64/python2.7/unittest/loader.py", line 252, in _find_tests
module = self._get_module_from_name(name)
File "/usr/lib64/python2.7/unittest/loader.py", line 230, in _get_module_from_name
__import__(name)
File "/testing/tests/unit/modules/docker_test.py", line 39, in <module>
class DockerTestCase(TestCase):
File "/testing/tests/unit/modules/docker_test.py", line 103, in DockerTestCase
@skipIf(_docker_py_version() < (1, 4, 0),
File "/testing/tests/unit/modules/docker_test.py", line 34, in _docker_py_version
return docker_mod.docker.version_info
AttributeError: 'module' object has no attribute 'version_info'
```
2017-02-24 00:26:28 +00:00
|
|
|
try:
|
|
|
|
|
if docker_mod.HAS_DOCKER_PY:
|
|
|
|
|
return docker_mod.docker.version_info
|
|
|
|
|
except AttributeError:
|
|
|
|
|
pass
|
2017-02-23 01:20:12 +00:00
|
|
|
return (0,)
|
2015-09-28 17:53:10 +00:00
|
|
|
|
|
|
|
|
|
2015-05-26 16:00:05 +00:00
|
|
|
@skipIf(NO_MOCK, NO_MOCK_REASON)
|
2017-03-21 19:39:34 +00:00
|
|
|
@skipIf(docker_mod.HAS_DOCKER_PY is False, 'docker-py must be installed to run these tests. Skipping.')
|
2017-03-21 23:56:24 +00:00
|
|
|
class DockerTestCase(TestCase, LoaderModuleMockMixin):
|
2015-05-26 16:00:05 +00:00
|
|
|
'''
|
2017-02-12 00:22:14 +00:00
|
|
|
Validate docker module
|
2015-05-26 16:00:05 +00:00
|
|
|
'''
|
2017-03-22 12:12:36 +00:00
|
|
|
def setup_loader_modules(self):
|
2017-09-05 14:11:11 +00:00
|
|
|
utils = salt.loader.utils(
|
|
|
|
|
salt.config.DEFAULT_MINION_OPTS,
|
|
|
|
|
whitelist=['state']
|
|
|
|
|
)
|
|
|
|
|
return {docker_mod: {'__context__': {'docker.docker_version': ''},
|
|
|
|
|
'__utils__': utils}}
|
2015-05-26 16:00:05 +00:00
|
|
|
|
2017-03-30 18:32:24 +00:00
|
|
|
try:
|
|
|
|
|
docker_version = docker_mod.docker.version_info
|
|
|
|
|
except AttributeError:
|
|
|
|
|
docker_version = 0,
|
2017-03-28 23:09:30 +00:00
|
|
|
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
def setUp(self):
|
|
|
|
|
'''
|
|
|
|
|
Ensure we aren't persisting context dunders between tests
|
|
|
|
|
'''
|
|
|
|
|
docker_mod.__context__.pop('docker.client', None)
|
|
|
|
|
|
2015-05-26 16:00:05 +00:00
|
|
|
def test_ps_with_host_true(self):
|
|
|
|
|
'''
|
2017-02-12 00:22:14 +00:00
|
|
|
Check that docker.ps called with host is ``True``,
|
2015-05-26 16:00:05 +00:00
|
|
|
include resutlt of ``network.interfaces`` command in returned result.
|
|
|
|
|
'''
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
client = Mock()
|
|
|
|
|
client.containers = MagicMock(return_value=[])
|
|
|
|
|
get_client_mock = MagicMock(return_value=client)
|
2015-05-26 16:00:05 +00:00
|
|
|
network_interfaces = Mock(return_value={'mocked': None})
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.dict(docker_mod.__salt__,
|
2015-05-26 16:00:05 +00:00
|
|
|
{'network.interfaces': network_interfaces}):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
ret = docker_mod.ps_(host=True)
|
2015-05-26 16:00:05 +00:00
|
|
|
self.assertEqual(ret,
|
|
|
|
|
{'host': {'interfaces': {'mocked': None}}})
|
|
|
|
|
|
2015-10-07 13:06:16 +00:00
|
|
|
def test_ps_with_filters(self):
|
|
|
|
|
'''
|
2017-02-12 00:22:14 +00:00
|
|
|
Check that docker.ps accept filters parameter.
|
2015-10-07 13:06:16 +00:00
|
|
|
'''
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
client = Mock()
|
|
|
|
|
client.containers = MagicMock(return_value=[])
|
|
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
|
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod.ps_(filters={'label': 'KEY'})
|
2015-10-07 13:06:16 +00:00
|
|
|
client.containers.assert_called_once_with(
|
|
|
|
|
all=True,
|
|
|
|
|
filters={'label': 'KEY'})
|
|
|
|
|
|
2017-04-10 13:00:57 +00:00
|
|
|
def test_check_mine_cache_is_refreshed_on_container_change_event(self):
|
2015-05-26 16:00:05 +00:00
|
|
|
'''
|
|
|
|
|
Every command that might modify docker containers state.
|
|
|
|
|
Should trig an update on ``mine.send``
|
|
|
|
|
'''
|
2017-04-10 13:00:57 +00:00
|
|
|
with patch.object(docker_mod, '_get_exec_driver'):
|
|
|
|
|
client_args_mock = MagicMock(return_value={
|
|
|
|
|
'create_container': [
|
|
|
|
|
'image', 'command', 'hostname', 'user', 'detach', 'stdin_open',
|
|
|
|
|
'tty', 'ports', 'environment', 'volumes', 'network_disabled',
|
|
|
|
|
'name', 'entrypoint', 'working_dir', 'domainname', 'cpuset',
|
|
|
|
|
'host_config', 'mac_address', 'labels', 'volume_driver',
|
|
|
|
|
'stop_signal', 'networking_config', 'healthcheck',
|
|
|
|
|
'stop_timeout'],
|
|
|
|
|
'host_config': [
|
|
|
|
|
'binds', 'port_bindings', 'lxc_conf', 'publish_all_ports',
|
|
|
|
|
'links', 'privileged', 'dns', 'dns_search', 'volumes_from',
|
|
|
|
|
'network_mode', 'restart_policy', 'cap_add', 'cap_drop',
|
|
|
|
|
'devices', 'extra_hosts', 'read_only', 'pid_mode', 'ipc_mode',
|
|
|
|
|
'security_opt', 'ulimits', 'log_config', 'mem_limit',
|
|
|
|
|
'memswap_limit', 'mem_reservation', 'kernel_memory',
|
|
|
|
|
'mem_swappiness', 'cgroup_parent', 'group_add', 'cpu_quota',
|
|
|
|
|
'cpu_period', 'blkio_weight', 'blkio_weight_device',
|
|
|
|
|
'device_read_bps', 'device_write_bps', 'device_read_iops',
|
|
|
|
|
'device_write_iops', 'oom_kill_disable', 'shm_size', 'sysctls',
|
|
|
|
|
'tmpfs', 'oom_score_adj', 'dns_opt', 'cpu_shares',
|
|
|
|
|
'cpuset_cpus', 'userns_mode', 'pids_limit', 'isolation',
|
|
|
|
|
'auto_remove', 'storage_opt'],
|
|
|
|
|
'networking_config': [
|
|
|
|
|
'aliases', 'links', 'ipv4_address', 'ipv6_address',
|
|
|
|
|
'link_local_ips'],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
for command_name, args in (('create', ()),
|
|
|
|
|
('rm_', ()),
|
|
|
|
|
('kill', ()),
|
|
|
|
|
('pause', ()),
|
|
|
|
|
('signal_', ('KILL',)),
|
|
|
|
|
('start', ()),
|
|
|
|
|
('stop', ()),
|
|
|
|
|
('unpause', ()),
|
|
|
|
|
('_run', ('command',)),
|
|
|
|
|
('_script', ('command',)),
|
|
|
|
|
):
|
|
|
|
|
mine_send = Mock()
|
|
|
|
|
command = getattr(docker_mod, command_name)
|
|
|
|
|
client = MagicMock()
|
|
|
|
|
client.api_version = '1.12'
|
|
|
|
|
with patch.dict(docker_mod.__salt__,
|
|
|
|
|
{'mine.send': mine_send,
|
|
|
|
|
'container_resource.run': MagicMock(),
|
2017-08-21 15:35:46 +00:00
|
|
|
'cp.cache_file': MagicMock(return_value=False)}):
|
|
|
|
|
with patch.dict(docker_mod.__utils__,
|
|
|
|
|
{'docker.get_client_args': client_args_mock}):
|
|
|
|
|
with patch.object(docker_mod, '_get_client', client):
|
|
|
|
|
command('container', *args)
|
2017-04-10 13:00:57 +00:00
|
|
|
mine_send.assert_called_with('docker.ps', verbose=True, all=True,
|
|
|
|
|
host=True)
|
2015-05-26 16:00:05 +00:00
|
|
|
|
2015-11-23 11:27:36 +00:00
|
|
|
@skipIf(_docker_py_version() < (1, 5, 0),
|
|
|
|
|
'docker module must be installed to run this test or is too old. >=1.5.0')
|
|
|
|
|
def test_list_networks(self, *args):
|
|
|
|
|
'''
|
|
|
|
|
test list networks.
|
|
|
|
|
'''
|
|
|
|
|
__salt__ = {
|
|
|
|
|
'config.get': Mock(),
|
|
|
|
|
'mine.send': Mock(),
|
|
|
|
|
}
|
|
|
|
|
host_config = {}
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.dict(docker_mod.__dict__,
|
2015-11-23 11:27:36 +00:00
|
|
|
{'__salt__': __salt__}):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
|
|
|
|
docker_mod.networks(names=['foo'], ids=['01234'])
|
|
|
|
|
client.networks.assert_called_once_with(names=['foo'], ids=['01234'])
|
2015-11-23 11:27:36 +00:00
|
|
|
|
2017-03-28 23:09:30 +00:00
|
|
|
@skipIf(docker_version < (1, 5, 0),
|
2015-11-23 11:27:36 +00:00
|
|
|
'docker module must be installed to run this test or is too old. >=1.5.0')
|
|
|
|
|
def test_create_network(self, *args):
|
|
|
|
|
'''
|
|
|
|
|
test create network.
|
|
|
|
|
'''
|
|
|
|
|
__salt__ = {
|
|
|
|
|
'config.get': Mock(),
|
|
|
|
|
'mine.send': Mock(),
|
|
|
|
|
}
|
|
|
|
|
host_config = {}
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.dict(docker_mod.__dict__,
|
2015-11-23 11:27:36 +00:00
|
|
|
{'__salt__': __salt__}):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-04-18 18:25:46 +00:00
|
|
|
docker_mod.create_network('foo',
|
|
|
|
|
driver='bridge',
|
2017-08-17 06:26:08 +00:00
|
|
|
driver_opts={},
|
|
|
|
|
gateway='192.168.0.1',
|
|
|
|
|
ip_range='192.168.0.128/25',
|
|
|
|
|
subnet='192.168.0.0/24'
|
|
|
|
|
)
|
2017-04-18 18:25:46 +00:00
|
|
|
client.create_network.assert_called_once_with('foo',
|
|
|
|
|
driver='bridge',
|
|
|
|
|
options={},
|
2017-08-17 06:26:08 +00:00
|
|
|
ipam={
|
|
|
|
|
'Config': [{
|
|
|
|
|
'Gateway': '192.168.0.1',
|
|
|
|
|
'IPRange': '192.168.0.128/25',
|
|
|
|
|
'Subnet': '192.168.0.0/24'
|
|
|
|
|
}],
|
|
|
|
|
'Driver': 'default',
|
|
|
|
|
'Options': {}
|
|
|
|
|
},
|
2017-04-18 18:25:46 +00:00
|
|
|
check_duplicate=True)
|
2015-11-23 11:27:36 +00:00
|
|
|
|
2017-03-28 23:09:30 +00:00
|
|
|
@skipIf(docker_version < (1, 5, 0),
|
2015-11-23 11:27:36 +00:00
|
|
|
'docker module must be installed to run this test or is too old. >=1.5.0')
|
|
|
|
|
def test_remove_network(self, *args):
|
|
|
|
|
'''
|
|
|
|
|
test remove network.
|
|
|
|
|
'''
|
|
|
|
|
__salt__ = {
|
|
|
|
|
'config.get': Mock(),
|
|
|
|
|
'mine.send': Mock(),
|
|
|
|
|
}
|
|
|
|
|
host_config = {}
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.dict(docker_mod.__dict__,
|
2015-11-23 11:27:36 +00:00
|
|
|
{'__salt__': __salt__}):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod.remove_network('foo')
|
2015-11-23 11:27:36 +00:00
|
|
|
client.remove_network.assert_called_once_with('foo')
|
|
|
|
|
|
2017-03-28 23:09:30 +00:00
|
|
|
@skipIf(docker_version < (1, 5, 0),
|
2015-11-23 11:27:36 +00:00
|
|
|
'docker module must be installed to run this test or is too old. >=1.5.0')
|
|
|
|
|
def test_inspect_network(self, *args):
|
|
|
|
|
'''
|
|
|
|
|
test inspect network.
|
|
|
|
|
'''
|
|
|
|
|
__salt__ = {
|
|
|
|
|
'config.get': Mock(),
|
|
|
|
|
'mine.send': Mock(),
|
|
|
|
|
}
|
|
|
|
|
host_config = {}
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.dict(docker_mod.__dict__,
|
2015-11-23 11:27:36 +00:00
|
|
|
{'__salt__': __salt__}):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod.inspect_network('foo')
|
2015-11-23 11:27:36 +00:00
|
|
|
client.inspect_network.assert_called_once_with('foo')
|
|
|
|
|
|
2017-03-28 23:09:30 +00:00
|
|
|
@skipIf(docker_version < (1, 5, 0),
|
2015-11-23 11:27:36 +00:00
|
|
|
'docker module must be installed to run this test or is too old. >=1.5.0')
|
|
|
|
|
def test_connect_container_to_network(self, *args):
|
|
|
|
|
'''
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
test connect_container_to_network
|
2015-11-23 11:27:36 +00:00
|
|
|
'''
|
|
|
|
|
__salt__ = {
|
|
|
|
|
'config.get': Mock(),
|
|
|
|
|
'mine.send': Mock(),
|
|
|
|
|
}
|
|
|
|
|
host_config = {}
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
2017-02-19 01:14:22 +00:00
|
|
|
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
context = {'docker.exec_driver': 'docker-exec'}
|
2017-02-19 01:14:22 +00:00
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.dict(docker_mod.__dict__,
|
2015-11-23 11:27:36 +00:00
|
|
|
{'__salt__': __salt__}):
|
2017-02-19 01:14:22 +00:00
|
|
|
with patch.dict(docker_mod.__context__, context):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
|
|
|
|
docker_mod.connect_container_to_network('container', 'foo')
|
2015-11-23 11:27:36 +00:00
|
|
|
client.connect_container_to_network.assert_called_once_with(
|
2017-02-19 01:14:22 +00:00
|
|
|
'container', 'foo', None)
|
2015-11-23 11:27:36 +00:00
|
|
|
|
2017-03-28 23:09:30 +00:00
|
|
|
@skipIf(docker_version < (1, 5, 0),
|
2015-11-23 11:27:36 +00:00
|
|
|
'docker module must be installed to run this test or is too old. >=1.5.0')
|
|
|
|
|
def test_disconnect_container_from_network(self, *args):
|
|
|
|
|
'''
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
test disconnect_container_from_network
|
2015-11-23 11:27:36 +00:00
|
|
|
'''
|
|
|
|
|
__salt__ = {
|
|
|
|
|
'config.get': Mock(),
|
|
|
|
|
'mine.send': Mock(),
|
|
|
|
|
}
|
|
|
|
|
host_config = {}
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.dict(docker_mod.__dict__,
|
2015-11-23 11:27:36 +00:00
|
|
|
{'__salt__': __salt__}):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod.disconnect_container_from_network('container', 'foo')
|
2015-11-23 11:27:36 +00:00
|
|
|
client.disconnect_container_from_network.assert_called_once_with(
|
|
|
|
|
'container', 'foo')
|
|
|
|
|
|
2017-03-28 23:09:30 +00:00
|
|
|
@skipIf(docker_version < (1, 5, 0),
|
2015-12-01 10:16:55 +00:00
|
|
|
'docker module must be installed to run this test or is too old. >=1.5.0')
|
|
|
|
|
def test_list_volumes(self, *args):
|
|
|
|
|
'''
|
|
|
|
|
test list volumes.
|
|
|
|
|
'''
|
|
|
|
|
__salt__ = {
|
|
|
|
|
'config.get': Mock(),
|
|
|
|
|
'mine.send': Mock(),
|
|
|
|
|
}
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.dict(docker_mod.__dict__,
|
2015-12-01 10:16:55 +00:00
|
|
|
{'__salt__': __salt__}):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod.volumes(
|
2015-12-01 10:16:55 +00:00
|
|
|
filters={'dangling': [True]},
|
|
|
|
|
)
|
|
|
|
|
client.volumes.assert_called_once_with(
|
|
|
|
|
filters={'dangling': [True]},
|
|
|
|
|
)
|
|
|
|
|
|
2017-03-28 23:09:30 +00:00
|
|
|
@skipIf(docker_version < (1, 5, 0),
|
2015-12-01 10:16:55 +00:00
|
|
|
'docker module must be installed to run this test or is too old. >=1.5.0')
|
|
|
|
|
def test_create_volume(self, *args):
|
|
|
|
|
'''
|
|
|
|
|
test create volume.
|
|
|
|
|
'''
|
|
|
|
|
__salt__ = {
|
|
|
|
|
'config.get': Mock(),
|
|
|
|
|
'mine.send': Mock(),
|
|
|
|
|
}
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.dict(docker_mod.__dict__,
|
2015-12-01 10:16:55 +00:00
|
|
|
{'__salt__': __salt__}):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod.create_volume(
|
2015-12-01 10:16:55 +00:00
|
|
|
'foo',
|
|
|
|
|
driver='bridge',
|
|
|
|
|
driver_opts={},
|
|
|
|
|
)
|
|
|
|
|
client.create_volume.assert_called_once_with(
|
|
|
|
|
'foo',
|
|
|
|
|
driver='bridge',
|
|
|
|
|
driver_opts={},
|
|
|
|
|
)
|
|
|
|
|
|
2017-03-28 23:09:30 +00:00
|
|
|
@skipIf(docker_version < (1, 5, 0),
|
2015-12-01 10:16:55 +00:00
|
|
|
'docker module must be installed to run this test or is too old. >=1.5.0')
|
|
|
|
|
def test_remove_volume(self, *args):
|
|
|
|
|
'''
|
|
|
|
|
test remove volume.
|
|
|
|
|
'''
|
|
|
|
|
__salt__ = {
|
|
|
|
|
'config.get': Mock(),
|
|
|
|
|
'mine.send': Mock(),
|
|
|
|
|
}
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.dict(docker_mod.__dict__,
|
2015-12-01 10:16:55 +00:00
|
|
|
{'__salt__': __salt__}):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod.remove_volume('foo')
|
2015-12-01 10:16:55 +00:00
|
|
|
client.remove_volume.assert_called_once_with('foo')
|
|
|
|
|
|
2017-03-28 23:09:30 +00:00
|
|
|
@skipIf(docker_version < (1, 5, 0),
|
2015-12-01 10:16:55 +00:00
|
|
|
'docker module must be installed to run this test or is too old. >=1.5.0')
|
|
|
|
|
def test_inspect_volume(self, *args):
|
|
|
|
|
'''
|
|
|
|
|
test inspect volume.
|
|
|
|
|
'''
|
|
|
|
|
__salt__ = {
|
|
|
|
|
'config.get': Mock(),
|
|
|
|
|
'mine.send': Mock(),
|
|
|
|
|
}
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.dict(docker_mod.__dict__,
|
2015-12-01 10:16:55 +00:00
|
|
|
{'__salt__': __salt__}):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod.inspect_volume('foo')
|
2015-12-01 10:16:55 +00:00
|
|
|
client.inspect_volume.assert_called_once_with('foo')
|
|
|
|
|
|
2016-04-13 14:16:26 +00:00
|
|
|
def test_wait_success(self):
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
|
|
|
|
client.wait = Mock(return_value=0)
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_inspect_container = Mock(side_effect=[
|
2016-04-13 14:16:26 +00:00
|
|
|
{'State': {'Running': True}},
|
|
|
|
|
{'State': {'Stopped': True}}])
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.object(docker_mod, 'inspect_container',
|
|
|
|
|
docker_inspect_container):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod._clear_context()
|
|
|
|
|
result = docker_mod.wait('foo')
|
2016-04-13 14:16:26 +00:00
|
|
|
self.assertEqual(result, {'result': True,
|
|
|
|
|
'exit_status': 0,
|
|
|
|
|
'state': {'new': 'stopped',
|
|
|
|
|
'old': 'running'}})
|
|
|
|
|
|
|
|
|
|
def test_wait_fails_already_stopped(self):
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
|
|
|
|
client.wait = Mock(return_value=0)
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_inspect_container = Mock(side_effect=[
|
2016-04-13 14:16:26 +00:00
|
|
|
{'State': {'Stopped': True}},
|
|
|
|
|
{'State': {'Stopped': True}},
|
|
|
|
|
])
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.object(docker_mod, 'inspect_container',
|
|
|
|
|
docker_inspect_container):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod._clear_context()
|
|
|
|
|
result = docker_mod.wait('foo')
|
2016-04-13 14:16:26 +00:00
|
|
|
self.assertEqual(result, {'result': False,
|
|
|
|
|
'comment': "Container 'foo' already stopped",
|
|
|
|
|
'exit_status': 0,
|
|
|
|
|
'state': {'new': 'stopped',
|
|
|
|
|
'old': 'stopped'}})
|
|
|
|
|
|
|
|
|
|
def test_wait_success_already_stopped(self):
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
|
|
|
|
client.wait = Mock(return_value=0)
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_inspect_container = Mock(side_effect=[
|
2016-04-13 14:16:26 +00:00
|
|
|
{'State': {'Stopped': True}},
|
|
|
|
|
{'State': {'Stopped': True}},
|
|
|
|
|
])
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.object(docker_mod, 'inspect_container',
|
|
|
|
|
docker_inspect_container):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod._clear_context()
|
|
|
|
|
result = docker_mod.wait('foo', ignore_already_stopped=True)
|
2016-04-13 14:16:26 +00:00
|
|
|
self.assertEqual(result, {'result': True,
|
|
|
|
|
'comment': "Container 'foo' already stopped",
|
|
|
|
|
'exit_status': 0,
|
|
|
|
|
'state': {'new': 'stopped',
|
|
|
|
|
'old': 'stopped'}})
|
|
|
|
|
|
|
|
|
|
def test_wait_success_absent_container(self):
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_inspect_container = Mock(side_effect=CommandExecutionError)
|
|
|
|
|
with patch.object(docker_mod, 'inspect_container',
|
|
|
|
|
docker_inspect_container):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod._clear_context()
|
|
|
|
|
result = docker_mod.wait('foo', ignore_already_stopped=True)
|
2016-04-13 14:16:26 +00:00
|
|
|
self.assertEqual(result, {'result': True,
|
|
|
|
|
'comment': "Container 'foo' absent"})
|
|
|
|
|
|
|
|
|
|
def test_wait_fails_on_exit_status(self):
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
|
|
|
|
client.wait = Mock(return_value=1)
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_inspect_container = Mock(side_effect=[
|
2016-04-13 14:16:26 +00:00
|
|
|
{'State': {'Running': True}},
|
|
|
|
|
{'State': {'Stopped': True}}])
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.object(docker_mod, 'inspect_container',
|
|
|
|
|
docker_inspect_container):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod._clear_context()
|
|
|
|
|
result = docker_mod.wait('foo', fail_on_exit_status=True)
|
2016-04-13 14:16:26 +00:00
|
|
|
self.assertEqual(result, {'result': False,
|
|
|
|
|
'exit_status': 1,
|
|
|
|
|
'state': {'new': 'stopped',
|
|
|
|
|
'old': 'running'}})
|
|
|
|
|
|
|
|
|
|
def test_wait_fails_on_exit_status_and_already_stopped(self):
|
|
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.21'
|
|
|
|
|
client.wait = Mock(return_value=1)
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_inspect_container = Mock(side_effect=[
|
2016-04-13 14:16:26 +00:00
|
|
|
{'State': {'Stopped': True}},
|
|
|
|
|
{'State': {'Stopped': True}}])
|
2017-02-12 00:22:14 +00:00
|
|
|
with patch.object(docker_mod, 'inspect_container',
|
|
|
|
|
docker_inspect_container):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod._clear_context()
|
|
|
|
|
result = docker_mod.wait('foo',
|
2016-04-13 14:16:26 +00:00
|
|
|
ignore_already_stopped=True,
|
|
|
|
|
fail_on_exit_status=True)
|
|
|
|
|
self.assertEqual(result, {'result': False,
|
|
|
|
|
'comment': "Container 'foo' already stopped",
|
|
|
|
|
'exit_status': 1,
|
|
|
|
|
'state': {'new': 'stopped',
|
|
|
|
|
'old': 'stopped'}})
|
|
|
|
|
|
2016-07-06 07:14:49 +00:00
|
|
|
def test_sls_build(self, *args):
|
|
|
|
|
'''
|
|
|
|
|
test build sls image.
|
|
|
|
|
'''
|
|
|
|
|
docker_start_mock = MagicMock(
|
|
|
|
|
return_value={})
|
|
|
|
|
docker_create_mock = MagicMock(
|
|
|
|
|
return_value={'Id': 'ID', 'Name': 'NAME'})
|
|
|
|
|
docker_stop_mock = MagicMock(
|
|
|
|
|
return_value={'state': {'old': 'running', 'new': 'stopped'},
|
|
|
|
|
'result': True})
|
2017-02-16 20:33:21 +00:00
|
|
|
docker_rm_mock = MagicMock(return_value={})
|
2016-07-06 07:14:49 +00:00
|
|
|
docker_commit_mock = MagicMock(
|
|
|
|
|
return_value={'Id': 'ID2', 'Image': 'foo', 'Time_Elapsed': 42})
|
|
|
|
|
|
|
|
|
|
docker_sls_mock = MagicMock(
|
|
|
|
|
return_value={
|
|
|
|
|
"file_|-/etc/test.sh_|-/etc/test.sh_|-managed": {
|
|
|
|
|
"comment": "File /etc/test.sh is in the correct state",
|
|
|
|
|
"name": "/etc/test.sh",
|
|
|
|
|
"start_time": "07:04:26.834792",
|
|
|
|
|
"result": True,
|
|
|
|
|
"duration": 13.492,
|
|
|
|
|
"__run_num__": 0,
|
|
|
|
|
"changes": {}
|
|
|
|
|
},
|
|
|
|
|
"test_|-always-passes_|-foo_|-succeed_without_changes": {
|
|
|
|
|
"comment": "Success!",
|
|
|
|
|
"name": "foo",
|
|
|
|
|
"start_time": "07:04:26.848915",
|
|
|
|
|
"result": True,
|
|
|
|
|
"duration": 0.363,
|
|
|
|
|
"__run_num__": 1,
|
|
|
|
|
"changes": {}
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
2016-07-06 07:37:14 +00:00
|
|
|
ret = None
|
2017-02-19 01:14:22 +00:00
|
|
|
with patch.object(docker_mod, 'start', docker_start_mock):
|
|
|
|
|
with patch.object(docker_mod, 'create', docker_create_mock):
|
|
|
|
|
with patch.object(docker_mod, 'stop', docker_stop_mock):
|
|
|
|
|
with patch.object(docker_mod, 'commit', docker_commit_mock):
|
|
|
|
|
with patch.object(docker_mod, 'sls', docker_sls_mock):
|
2017-02-16 20:33:21 +00:00
|
|
|
with patch.object(docker_mod, 'rm_', docker_rm_mock):
|
|
|
|
|
ret = docker_mod.sls_build(
|
|
|
|
|
'foo',
|
|
|
|
|
mods='foo',
|
|
|
|
|
)
|
2016-07-06 07:14:49 +00:00
|
|
|
docker_create_mock.assert_called_once_with(
|
2016-11-29 16:24:58 +00:00
|
|
|
cmd='sleep infinity',
|
2017-02-16 20:33:21 +00:00
|
|
|
image='opensuse/python', interactive=True, tty=True)
|
2016-07-06 07:14:49 +00:00
|
|
|
docker_start_mock.assert_called_once_with('ID')
|
|
|
|
|
docker_sls_mock.assert_called_once_with('ID', 'foo', 'base')
|
|
|
|
|
docker_stop_mock.assert_called_once_with('ID')
|
2017-02-16 20:33:21 +00:00
|
|
|
docker_rm_mock.assert_called_once_with('ID')
|
2016-07-06 07:14:49 +00:00
|
|
|
docker_commit_mock.assert_called_once_with('ID', 'foo')
|
2016-07-06 07:37:14 +00:00
|
|
|
self.assertEqual(
|
|
|
|
|
{'Id': 'ID2', 'Image': 'foo', 'Time_Elapsed': 42}, ret)
|
2016-07-06 07:14:49 +00:00
|
|
|
|
2017-02-10 23:11:26 +00:00
|
|
|
def test_sls_build_dryrun(self, *args):
|
|
|
|
|
'''
|
|
|
|
|
test build sls image in dryrun mode.
|
|
|
|
|
'''
|
|
|
|
|
docker_start_mock = MagicMock(
|
|
|
|
|
return_value={})
|
|
|
|
|
docker_create_mock = MagicMock(
|
|
|
|
|
return_value={'Id': 'ID', 'Name': 'NAME'})
|
|
|
|
|
docker_stop_mock = MagicMock(
|
|
|
|
|
return_value={'state': {'old': 'running', 'new': 'stopped'},
|
|
|
|
|
'result': True})
|
|
|
|
|
docker_rm_mock = MagicMock(
|
|
|
|
|
return_value={})
|
|
|
|
|
|
|
|
|
|
docker_sls_mock = MagicMock(
|
|
|
|
|
return_value={
|
|
|
|
|
"file_|-/etc/test.sh_|-/etc/test.sh_|-managed": {
|
|
|
|
|
"comment": "File /etc/test.sh is in the correct state",
|
|
|
|
|
"name": "/etc/test.sh",
|
|
|
|
|
"start_time": "07:04:26.834792",
|
|
|
|
|
"result": True,
|
|
|
|
|
"duration": 13.492,
|
|
|
|
|
"__run_num__": 0,
|
|
|
|
|
"changes": {}
|
|
|
|
|
},
|
|
|
|
|
"test_|-always-passes_|-foo_|-succeed_without_changes": {
|
|
|
|
|
"comment": "Success!",
|
|
|
|
|
"name": "foo",
|
|
|
|
|
"start_time": "07:04:26.848915",
|
|
|
|
|
"result": True,
|
|
|
|
|
"duration": 0.363,
|
|
|
|
|
"__run_num__": 1,
|
|
|
|
|
"changes": {}
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
ret = None
|
2017-02-19 01:14:22 +00:00
|
|
|
with patch.object(docker_mod, 'start', docker_start_mock):
|
|
|
|
|
with patch.object(docker_mod, 'create', docker_create_mock):
|
|
|
|
|
with patch.object(docker_mod, 'stop', docker_stop_mock):
|
|
|
|
|
with patch.object(docker_mod, 'rm_', docker_rm_mock):
|
|
|
|
|
with patch.object(docker_mod, 'sls', docker_sls_mock):
|
|
|
|
|
ret = docker_mod.sls_build(
|
|
|
|
|
'foo',
|
|
|
|
|
mods='foo',
|
|
|
|
|
dryrun=True
|
|
|
|
|
)
|
2017-02-10 23:11:26 +00:00
|
|
|
docker_create_mock.assert_called_once_with(
|
|
|
|
|
cmd='sleep infinity',
|
2017-02-16 20:33:21 +00:00
|
|
|
image='opensuse/python', interactive=True, tty=True)
|
2017-02-10 23:11:26 +00:00
|
|
|
docker_start_mock.assert_called_once_with('ID')
|
|
|
|
|
docker_sls_mock.assert_called_once_with('ID', 'foo', 'base')
|
|
|
|
|
docker_stop_mock.assert_called_once_with('ID')
|
|
|
|
|
docker_rm_mock.assert_called_once_with('ID')
|
|
|
|
|
self.assertEqual(
|
|
|
|
|
{
|
|
|
|
|
"file_|-/etc/test.sh_|-/etc/test.sh_|-managed": {
|
|
|
|
|
"comment": "File /etc/test.sh is in the correct state",
|
|
|
|
|
"name": "/etc/test.sh",
|
|
|
|
|
"start_time": "07:04:26.834792",
|
|
|
|
|
"result": True,
|
|
|
|
|
"duration": 13.492,
|
|
|
|
|
"__run_num__": 0,
|
|
|
|
|
"changes": {}
|
|
|
|
|
},
|
|
|
|
|
"test_|-always-passes_|-foo_|-succeed_without_changes": {
|
|
|
|
|
"comment": "Success!",
|
|
|
|
|
"name": "foo",
|
|
|
|
|
"start_time": "07:04:26.848915",
|
|
|
|
|
"result": True,
|
|
|
|
|
"duration": 0.363,
|
|
|
|
|
"__run_num__": 1,
|
|
|
|
|
"changes": {}
|
|
|
|
|
}
|
|
|
|
|
},
|
|
|
|
|
ret)
|
|
|
|
|
|
2016-09-01 20:56:15 +00:00
|
|
|
def test_call_success(self):
|
2016-07-06 09:49:39 +00:00
|
|
|
'''
|
|
|
|
|
test module calling inside containers
|
|
|
|
|
'''
|
2016-09-01 17:01:39 +00:00
|
|
|
ret = None
|
2016-07-06 09:49:39 +00:00
|
|
|
docker_run_all_mock = MagicMock(
|
|
|
|
|
return_value={
|
|
|
|
|
'retcode': 0,
|
|
|
|
|
'stdout': '{"retcode": 0, "comment": "container cmd"}',
|
|
|
|
|
'stderr': 'err',
|
|
|
|
|
})
|
|
|
|
|
docker_copy_to_mock = MagicMock(
|
|
|
|
|
return_value={
|
|
|
|
|
'retcode': 0
|
|
|
|
|
})
|
2017-02-10 23:11:26 +00:00
|
|
|
docker_config_mock = MagicMock(
|
|
|
|
|
return_value=''
|
|
|
|
|
)
|
2016-07-06 09:49:39 +00:00
|
|
|
client = Mock()
|
|
|
|
|
client.put_archive = Mock()
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
2016-07-06 09:49:39 +00:00
|
|
|
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
context = {'docker.exec_driver': 'docker-exec'}
|
2017-02-19 01:14:22 +00:00
|
|
|
salt_dunder = {'config.option': docker_config_mock}
|
|
|
|
|
|
|
|
|
|
with patch.object(docker_mod, 'run_all', docker_run_all_mock):
|
|
|
|
|
with patch.object(docker_mod, 'copy_to', docker_copy_to_mock):
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
|
|
|
|
with patch.dict(docker_mod.__opts__, {'cachedir': '/tmp'}):
|
|
|
|
|
with patch.dict(docker_mod.__salt__, salt_dunder):
|
|
|
|
|
with patch.dict(docker_mod.__context__, context):
|
|
|
|
|
# call twice to verify tmp path later
|
|
|
|
|
for i in range(2):
|
|
|
|
|
ret = docker_mod.call(
|
|
|
|
|
'ID',
|
|
|
|
|
'test.arg',
|
|
|
|
|
1, 2,
|
|
|
|
|
arg1='val1')
|
2016-09-01 17:01:39 +00:00
|
|
|
|
|
|
|
|
# Check that the directory is different each time
|
|
|
|
|
# [ call(name, [args]), ...
|
2017-05-03 00:50:03 +00:00
|
|
|
self.maxDiff = None
|
2016-09-01 17:01:39 +00:00
|
|
|
self.assertIn('mkdir', docker_run_all_mock.mock_calls[0][1][1])
|
2017-05-03 00:50:03 +00:00
|
|
|
self.assertIn('mkdir', docker_run_all_mock.mock_calls[4][1][1])
|
2016-09-01 17:01:39 +00:00
|
|
|
self.assertNotEqual(docker_run_all_mock.mock_calls[0][1][1],
|
|
|
|
|
docker_run_all_mock.mock_calls[4][1][1])
|
|
|
|
|
|
2017-05-03 00:50:03 +00:00
|
|
|
self.assertIn('salt-call', docker_run_all_mock.mock_calls[2][1][1])
|
|
|
|
|
self.assertIn('salt-call', docker_run_all_mock.mock_calls[6][1][1])
|
2016-09-01 17:01:39 +00:00
|
|
|
self.assertNotEqual(docker_run_all_mock.mock_calls[2][1][1],
|
2017-05-03 00:50:03 +00:00
|
|
|
docker_run_all_mock.mock_calls[6][1][1])
|
|
|
|
|
|
|
|
|
|
# check thin untar
|
|
|
|
|
self.assertIn('tarfile', docker_run_all_mock.mock_calls[1][1][1])
|
|
|
|
|
self.assertIn('tarfile', docker_run_all_mock.mock_calls[5][1][1])
|
|
|
|
|
self.assertNotEqual(docker_run_all_mock.mock_calls[1][1][1],
|
2016-09-01 17:01:39 +00:00
|
|
|
docker_run_all_mock.mock_calls[5][1][1])
|
|
|
|
|
|
2017-05-03 00:50:03 +00:00
|
|
|
# check directory cleanup
|
|
|
|
|
self.assertIn('rm -rf', docker_run_all_mock.mock_calls[3][1][1])
|
|
|
|
|
self.assertIn('rm -rf', docker_run_all_mock.mock_calls[7][1][1])
|
|
|
|
|
self.assertNotEqual(docker_run_all_mock.mock_calls[3][1][1],
|
|
|
|
|
docker_run_all_mock.mock_calls[7][1][1])
|
|
|
|
|
|
2016-09-01 17:01:39 +00:00
|
|
|
self.assertEqual({"retcode": 0, "comment": "container cmd"}, ret)
|
2016-07-06 09:49:39 +00:00
|
|
|
|
2016-08-15 16:58:50 +00:00
|
|
|
def test_images_with_empty_tags(self):
|
2017-08-24 19:26:28 +00:00
|
|
|
'''
|
2016-08-15 16:58:50 +00:00
|
|
|
docker 1.12 reports also images without tags with `null`.
|
2017-08-24 19:26:28 +00:00
|
|
|
'''
|
2016-08-15 16:58:50 +00:00
|
|
|
client = Mock()
|
|
|
|
|
client.api_version = '1.24'
|
|
|
|
|
client.images = Mock(
|
|
|
|
|
return_value=[{'Id': 'sha256:abcde',
|
|
|
|
|
'RepoTags': None},
|
|
|
|
|
{'Id': 'sha256:abcdef'},
|
|
|
|
|
{'Id': 'sha256:abcdefg',
|
|
|
|
|
'RepoTags': ['image:latest']}])
|
Improved Docker auth handling and other misc. Docker improvements
This commit changes how we handle Docker authentication. We no longer
try to auth when pushing/pulling images. This was initially done based
on a misunderstanding of how authentication was handled in docker-py.
docker-py will automagically use the base64-encoded username/password
combination stored in config.json if present, so we don't need to auth
at all for push or pull, docker-py will handle all of that. We just need
to make sure that we get the auth info into the config.json. To do this
I have added a login() function to the execution module, which uses the
Docker CLI to authenticate (with output_loglevel set to "quiet" to
suppress any logging of the credentials). The CLI is used in this
instance because docker-py provides no interface by which to persist a
login in the config.json; it can read from the file, but is not designed
to *write* to it. Rather than trying to write to this file ourselves,
and potentially breaking it when (not *if*) Docker decides to change the
internal format of the JSON data structure, using the CLI is a way of
future-proofing the authentication logic.
Context caching of the docker-py client instance has also been removed.
Context caching was used based on the same incorrect understanding of
how docker-py handles authentication, and sought to avoid repeated login
attempts. As that is no longer a concern, there is no need to cache the
client instance in the context dunder because we don't really gain a
performance benefit from it.
The _image_wrapper() function has been removed, as it no longer serves
any purpose, and the image-specific code in it that was still needed
has been absorbed into the _client_wrapper() helper. The functions which
used the _image_wrapper() helper (like push() and pull()) now use
_client_wrapper().
Additionally, the decorators used to enforce a minimum Docker version
(or Docker API version) have been removed. These are not necessary since
docker-py handles raising exceptions when a given feature is not
supported by the effective API version. The _client_wrapper() helper
function now checks for miscellaneous docker exceptions by catching the
docker.errors.DockerException class, which is the base class for the
custom exceptions raised by docker-py, and by doing so catches exceptions
raised due to API version incompatibility (and more).
The list of functions in the top-level docstring has been removed as it
is very out-of-date, and is somewhat superfluous anyway given that we
have for some time now had a list of the functions on the right side of
the page in the documentation.
Other changes:
- Fixed a bug I introduced when I overhauled the
docker_container.running state, in which a container with no changes
to be made, which was not running, would be started by the state even
when test=True was passed.
- Custom registry image names are now properly identified. The colon in
the hostname of the custom registry was previously causing incorrect
identification of the image name and tag, when no explicit tag was
being passed (e.g. localhost:5000/myimage).
- When configuring credentials, the creds for the Docker Hub can be
configured under a registry named ``hub``. This keeps the user from
having to figure out the registry URL and configure it in their Pillar
data, and thus makes using this module easier.
- Removes the email address from the documentation for credential
configuration. This was probably initially added because docker-py
accepts it as an argument, but it is entirely ignored for purposes of
authentication (even by docker-py) and is thus unnecessary. Relic of
an earlier time in Docker's history, perhaps?
- Fixed RST references to functions which weren't caught when this
module was renamed to dockermod.py
- Allow filter arguments in docker.networks to be passed as a
comma-separated list as well as a Python list, in keeping with general
usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
|
|
|
get_client_mock = MagicMock(return_value=client)
|
|
|
|
|
|
|
|
|
|
with patch.object(docker_mod, '_get_client', get_client_mock):
|
2017-02-12 00:22:14 +00:00
|
|
|
docker_mod._clear_context()
|
|
|
|
|
result = docker_mod.images()
|
2016-08-15 16:58:50 +00:00
|
|
|
self.assertEqual(result,
|
|
|
|
|
{'sha256:abcdefg': {'RepoTags': ['image:latest']}})
|
2017-08-23 16:57:00 +00:00
|
|
|
|
|
|
|
|
def test_compare_container_image_id_resolution(self):
|
|
|
|
|
'''
|
2017-08-24 19:09:29 +00:00
|
|
|
Test comparing two containers when one's inspect output is an ID and
|
|
|
|
|
not formatted in image:tag notation.
|
2017-08-23 16:57:00 +00:00
|
|
|
'''
|
|
|
|
|
def _inspect_container_effect(id_):
|
|
|
|
|
return {
|
|
|
|
|
'container1': {'Config': {'Image': 'realimage:latest'},
|
2017-08-24 19:09:29 +00:00
|
|
|
'HostConfig': {}},
|
2017-08-23 16:57:00 +00:00
|
|
|
'container2': {'Config': {'Image': 'image_id'},
|
2017-08-24 19:09:29 +00:00
|
|
|
'HostConfig': {}},
|
2017-08-23 16:57:00 +00:00
|
|
|
}[id_]
|
|
|
|
|
|
|
|
|
|
def _inspect_image_effect(id_):
|
|
|
|
|
return {
|
|
|
|
|
'realimage:latest': {'Id': 'image_id'},
|
|
|
|
|
'image_id': {'Id': 'image_id'},
|
|
|
|
|
}[id_]
|
|
|
|
|
|
|
|
|
|
inspect_container_mock = MagicMock(side_effect=_inspect_container_effect)
|
|
|
|
|
inspect_image_mock = MagicMock(side_effect=_inspect_image_effect)
|
|
|
|
|
|
|
|
|
|
with patch.object(docker_mod, 'inspect_container', inspect_container_mock):
|
|
|
|
|
with patch.object(docker_mod, 'inspect_image', inspect_image_mock):
|
|
|
|
|
ret = docker_mod.compare_container('container1', 'container2')
|
|
|
|
|
self.assertEqual(ret, {})
|
2017-08-24 19:26:28 +00:00
|
|
|
|
|
|
|
|
def test_resolve_tag(self):
|
|
|
|
|
'''
|
|
|
|
|
Test the resolve_tag function
|
|
|
|
|
'''
|
|
|
|
|
with_prefix = 'docker.io/foo:latest'
|
|
|
|
|
no_prefix = 'bar:latest'
|
|
|
|
|
with patch.object(docker_mod,
|
|
|
|
|
'list_tags',
|
|
|
|
|
MagicMock(return_value=[with_prefix])):
|
|
|
|
|
self.assertEqual(docker_mod.resolve_tag('foo'), with_prefix)
|
|
|
|
|
self.assertEqual(docker_mod.resolve_tag('foo:latest'), with_prefix)
|
|
|
|
|
self.assertEqual(docker_mod.resolve_tag(with_prefix), with_prefix)
|
|
|
|
|
self.assertEqual(docker_mod.resolve_tag('foo:bar'), False)
|
|
|
|
|
|
|
|
|
|
with patch.object(docker_mod,
|
|
|
|
|
'list_tags',
|
|
|
|
|
MagicMock(return_value=[no_prefix])):
|
|
|
|
|
self.assertEqual(docker_mod.resolve_tag('bar'), no_prefix)
|
|
|
|
|
self.assertEqual(docker_mod.resolve_tag(no_prefix), no_prefix)
|
|
|
|
|
self.assertEqual(docker_mod.resolve_tag('bar:baz'), False)
|
