salt/tests/unit/modules/test_dockermod.py

779 lines
32 KiB
Python
Raw Normal View History

2015-05-26 16:00:05 +00:00
# -*- coding: utf-8 -*-
'''
Unit tests for the docker module
2015-05-26 16:00:05 +00:00
'''
# Import Python Libs
from __future__ import absolute_import
# Import Salt Testing Libs
from tests.support.mixins import LoaderModuleMockMixin
from tests.support.unit import skipIf, TestCase
from tests.support.mock import (
2015-05-26 16:00:05 +00:00
MagicMock,
Mock,
NO_MOCK,
NO_MOCK_REASON,
patch
)
2015-05-26 16:00:05 +00:00
# Import Salt Libs
import salt.config
import salt.loader
from salt.ext.six.moves import range
from salt.exceptions import CommandExecutionError
import salt.modules.dockermod as docker_mod
2015-05-26 16:00:05 +00:00
def _docker_py_version():
try:
if docker_mod.HAS_DOCKER_PY:
return docker_mod.docker.version_info
except AttributeError:
pass
2017-02-23 01:20:12 +00:00
return (0,)
2015-05-26 16:00:05 +00:00
@skipIf(NO_MOCK, NO_MOCK_REASON)
2017-03-21 19:39:34 +00:00
@skipIf(docker_mod.HAS_DOCKER_PY is False, 'docker-py must be installed to run these tests. Skipping.')
class DockerTestCase(TestCase, LoaderModuleMockMixin):
2015-05-26 16:00:05 +00:00
'''
Validate docker module
2015-05-26 16:00:05 +00:00
'''
def setup_loader_modules(self):
utils = salt.loader.utils(
salt.config.DEFAULT_MINION_OPTS,
whitelist=['state']
)
return {docker_mod: {'__context__': {'docker.docker_version': ''},
'__utils__': utils}}
2015-05-26 16:00:05 +00:00
try:
docker_version = docker_mod.docker.version_info
except AttributeError:
docker_version = 0,
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
def setUp(self):
'''
Ensure we aren't persisting context dunders between tests
'''
docker_mod.__context__.pop('docker.client', None)
2015-05-26 16:00:05 +00:00
def test_ps_with_host_true(self):
'''
Check that docker.ps called with host is ``True``,
2015-05-26 16:00:05 +00:00
include resutlt of ``network.interfaces`` command in returned result.
'''
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
client = Mock()
client.containers = MagicMock(return_value=[])
get_client_mock = MagicMock(return_value=client)
2015-05-26 16:00:05 +00:00
network_interfaces = Mock(return_value={'mocked': None})
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.dict(docker_mod.__salt__,
2015-05-26 16:00:05 +00:00
{'network.interfaces': network_interfaces}):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
ret = docker_mod.ps_(host=True)
2015-05-26 16:00:05 +00:00
self.assertEqual(ret,
{'host': {'interfaces': {'mocked': None}}})
2015-10-07 13:06:16 +00:00
def test_ps_with_filters(self):
'''
Check that docker.ps accept filters parameter.
2015-10-07 13:06:16 +00:00
'''
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
client = Mock()
client.containers = MagicMock(return_value=[])
get_client_mock = MagicMock(return_value=client)
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod.ps_(filters={'label': 'KEY'})
2015-10-07 13:06:16 +00:00
client.containers.assert_called_once_with(
all=True,
filters={'label': 'KEY'})
2017-04-10 13:00:57 +00:00
def test_check_mine_cache_is_refreshed_on_container_change_event(self):
2015-05-26 16:00:05 +00:00
'''
Every command that might modify docker containers state.
Should trig an update on ``mine.send``
'''
2017-04-10 13:00:57 +00:00
with patch.object(docker_mod, '_get_exec_driver'):
client_args_mock = MagicMock(return_value={
'create_container': [
'image', 'command', 'hostname', 'user', 'detach', 'stdin_open',
'tty', 'ports', 'environment', 'volumes', 'network_disabled',
'name', 'entrypoint', 'working_dir', 'domainname', 'cpuset',
'host_config', 'mac_address', 'labels', 'volume_driver',
'stop_signal', 'networking_config', 'healthcheck',
'stop_timeout'],
'host_config': [
'binds', 'port_bindings', 'lxc_conf', 'publish_all_ports',
'links', 'privileged', 'dns', 'dns_search', 'volumes_from',
'network_mode', 'restart_policy', 'cap_add', 'cap_drop',
'devices', 'extra_hosts', 'read_only', 'pid_mode', 'ipc_mode',
'security_opt', 'ulimits', 'log_config', 'mem_limit',
'memswap_limit', 'mem_reservation', 'kernel_memory',
'mem_swappiness', 'cgroup_parent', 'group_add', 'cpu_quota',
'cpu_period', 'blkio_weight', 'blkio_weight_device',
'device_read_bps', 'device_write_bps', 'device_read_iops',
'device_write_iops', 'oom_kill_disable', 'shm_size', 'sysctls',
'tmpfs', 'oom_score_adj', 'dns_opt', 'cpu_shares',
'cpuset_cpus', 'userns_mode', 'pids_limit', 'isolation',
'auto_remove', 'storage_opt'],
'networking_config': [
'aliases', 'links', 'ipv4_address', 'ipv6_address',
'link_local_ips'],
}
)
for command_name, args in (('create', ()),
('rm_', ()),
('kill', ()),
('pause', ()),
('signal_', ('KILL',)),
Many improvements to docker network and container states Much Improved Support for Docker Networking =========================================== The `docker_network.present` state has undergone a full rewrite, which includes the following improvements: Full API Support for Network Management --------------------------------------- The improvements made to input handling in the `docker_container.running` state for 2017.7.0 have now been expanded to docker_network.present`. This brings with it full support for all tunable configuration arguments. Custom Subnets -------------- Custom subnets can now be configured. Both IPv4 and mixed IPv4/IPv6 networks are supported. Network Configuration in :py:func:`docker_container.running` States ------------------------------------------------------------------- It is now possible to configure static IPv4/IPv6 addresses, as well as links and labels. Improved Handling of Images from Custom Registries ================================================== Rather than attempting to parse the tag from the passed image name, Salt will now resolve that tag down to an image ID and use that ID instead. Due to this change, there are some backward-incompatible changes to image management. See below for a full list of these changes. Backward-incompatible Changes to Docker Image Management -------------------------------------------------------- Passing image names to the following functions must now be done using separate `repository` and `tag` arguments: - `docker.build` - `docker.commit` - `docker.import` - `docker.load` - `docker.tag` - `docker.sls_build` Additionally, the `tag` argument must now be explicitly passed to the `docker_image.present` state, unless the image is being pulled from a docker registry.
2017-11-01 02:04:41 +00:00
('start_', ()),
2017-04-10 13:00:57 +00:00
('stop', ()),
('unpause', ()),
('_run', ('command',)),
('_script', ('command',)),
):
mine_send = Mock()
command = getattr(docker_mod, command_name)
client = MagicMock()
client.api_version = '1.12'
with patch.dict(docker_mod.__salt__,
{'mine.send': mine_send,
'container_resource.run': MagicMock(),
'cp.cache_file': MagicMock(return_value=False)}):
with patch.dict(docker_mod.__utils__,
{'docker.get_client_args': client_args_mock}):
with patch.object(docker_mod, '_get_client', client):
command('container', *args)
2017-04-10 13:00:57 +00:00
mine_send.assert_called_with('docker.ps', verbose=True, all=True,
host=True)
2015-05-26 16:00:05 +00:00
@skipIf(_docker_py_version() < (1, 5, 0),
'docker module must be installed to run this test or is too old. >=1.5.0')
def test_list_networks(self, *args):
'''
test list networks.
'''
__salt__ = {
'config.get': Mock(),
'mine.send': Mock(),
}
host_config = {}
client = Mock()
client.api_version = '1.21'
Many improvements to docker network and container states Much Improved Support for Docker Networking =========================================== The `docker_network.present` state has undergone a full rewrite, which includes the following improvements: Full API Support for Network Management --------------------------------------- The improvements made to input handling in the `docker_container.running` state for 2017.7.0 have now been expanded to docker_network.present`. This brings with it full support for all tunable configuration arguments. Custom Subnets -------------- Custom subnets can now be configured. Both IPv4 and mixed IPv4/IPv6 networks are supported. Network Configuration in :py:func:`docker_container.running` States ------------------------------------------------------------------- It is now possible to configure static IPv4/IPv6 addresses, as well as links and labels. Improved Handling of Images from Custom Registries ================================================== Rather than attempting to parse the tag from the passed image name, Salt will now resolve that tag down to an image ID and use that ID instead. Due to this change, there are some backward-incompatible changes to image management. See below for a full list of these changes. Backward-incompatible Changes to Docker Image Management -------------------------------------------------------- Passing image names to the following functions must now be done using separate `repository` and `tag` arguments: - `docker.build` - `docker.commit` - `docker.import` - `docker.load` - `docker.tag` - `docker.sls_build` Additionally, the `tag` argument must now be explicitly passed to the `docker_image.present` state, unless the image is being pulled from a docker registry.
2017-11-01 02:04:41 +00:00
client.networks = Mock(return_value=[
{'Name': 'foo',
'Id': '01234',
'Containers': {}}
])
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
with patch.dict(docker_mod.__dict__,
{'__salt__': __salt__}):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod.networks(names=['foo'], ids=['01234'])
client.networks.assert_called_once_with(names=['foo'], ids=['01234'])
@skipIf(docker_version < (1, 5, 0),
'docker module must be installed to run this test or is too old. >=1.5.0')
def test_create_network(self, *args):
'''
test create network.
'''
__salt__ = {
'config.get': Mock(),
'mine.send': Mock(),
}
host_config = {}
client = Mock()
client.api_version = '1.21'
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
with patch.dict(docker_mod.__dict__,
{'__salt__': __salt__}):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod.create_network('foo',
driver='bridge',
driver_opts={},
gateway='192.168.0.1',
ip_range='192.168.0.128/25',
subnet='192.168.0.0/24'
)
client.create_network.assert_called_once_with('foo',
driver='bridge',
options={},
ipam={
'Config': [{
'Gateway': '192.168.0.1',
'IPRange': '192.168.0.128/25',
'Subnet': '192.168.0.0/24'
}],
'Driver': 'default',
},
check_duplicate=True)
@skipIf(docker_version < (1, 5, 0),
'docker module must be installed to run this test or is too old. >=1.5.0')
def test_remove_network(self, *args):
'''
test remove network.
'''
__salt__ = {
'config.get': Mock(),
'mine.send': Mock(),
}
host_config = {}
client = Mock()
client.api_version = '1.21'
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
with patch.dict(docker_mod.__dict__,
{'__salt__': __salt__}):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod.remove_network('foo')
client.remove_network.assert_called_once_with('foo')
@skipIf(docker_version < (1, 5, 0),
'docker module must be installed to run this test or is too old. >=1.5.0')
def test_inspect_network(self, *args):
'''
test inspect network.
'''
__salt__ = {
'config.get': Mock(),
'mine.send': Mock(),
}
host_config = {}
client = Mock()
client.api_version = '1.21'
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
with patch.dict(docker_mod.__dict__,
{'__salt__': __salt__}):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod.inspect_network('foo')
client.inspect_network.assert_called_once_with('foo')
@skipIf(docker_version < (1, 5, 0),
'docker module must be installed to run this test or is too old. >=1.5.0')
def test_connect_container_to_network(self, *args):
'''
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
test connect_container_to_network
'''
__salt__ = {
'config.get': Mock(),
'mine.send': Mock(),
}
host_config = {}
client = Mock()
client.api_version = '1.21'
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
context = {'docker.exec_driver': 'docker-exec'}
with patch.dict(docker_mod.__dict__,
{'__salt__': __salt__}):
with patch.dict(docker_mod.__context__, context):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod.connect_container_to_network('container', 'foo')
client.connect_container_to_network.assert_called_once_with(
Many improvements to docker network and container states Much Improved Support for Docker Networking =========================================== The `docker_network.present` state has undergone a full rewrite, which includes the following improvements: Full API Support for Network Management --------------------------------------- The improvements made to input handling in the `docker_container.running` state for 2017.7.0 have now been expanded to docker_network.present`. This brings with it full support for all tunable configuration arguments. Custom Subnets -------------- Custom subnets can now be configured. Both IPv4 and mixed IPv4/IPv6 networks are supported. Network Configuration in :py:func:`docker_container.running` States ------------------------------------------------------------------- It is now possible to configure static IPv4/IPv6 addresses, as well as links and labels. Improved Handling of Images from Custom Registries ================================================== Rather than attempting to parse the tag from the passed image name, Salt will now resolve that tag down to an image ID and use that ID instead. Due to this change, there are some backward-incompatible changes to image management. See below for a full list of these changes. Backward-incompatible Changes to Docker Image Management -------------------------------------------------------- Passing image names to the following functions must now be done using separate `repository` and `tag` arguments: - `docker.build` - `docker.commit` - `docker.import` - `docker.load` - `docker.tag` - `docker.sls_build` Additionally, the `tag` argument must now be explicitly passed to the `docker_image.present` state, unless the image is being pulled from a docker registry.
2017-11-01 02:04:41 +00:00
'container', 'foo')
@skipIf(docker_version < (1, 5, 0),
'docker module must be installed to run this test or is too old. >=1.5.0')
def test_disconnect_container_from_network(self, *args):
'''
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
test disconnect_container_from_network
'''
__salt__ = {
'config.get': Mock(),
'mine.send': Mock(),
}
host_config = {}
client = Mock()
client.api_version = '1.21'
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
with patch.dict(docker_mod.__dict__,
{'__salt__': __salt__}):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod.disconnect_container_from_network('container', 'foo')
client.disconnect_container_from_network.assert_called_once_with(
'container', 'foo')
@skipIf(docker_version < (1, 5, 0),
'docker module must be installed to run this test or is too old. >=1.5.0')
def test_list_volumes(self, *args):
'''
test list volumes.
'''
__salt__ = {
'config.get': Mock(),
'mine.send': Mock(),
}
client = Mock()
client.api_version = '1.21'
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
with patch.dict(docker_mod.__dict__,
{'__salt__': __salt__}):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod.volumes(
filters={'dangling': [True]},
)
client.volumes.assert_called_once_with(
filters={'dangling': [True]},
)
@skipIf(docker_version < (1, 5, 0),
'docker module must be installed to run this test or is too old. >=1.5.0')
def test_create_volume(self, *args):
'''
test create volume.
'''
__salt__ = {
'config.get': Mock(),
'mine.send': Mock(),
}
client = Mock()
client.api_version = '1.21'
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
with patch.dict(docker_mod.__dict__,
{'__salt__': __salt__}):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod.create_volume(
'foo',
driver='bridge',
driver_opts={},
)
client.create_volume.assert_called_once_with(
'foo',
driver='bridge',
driver_opts={},
)
@skipIf(docker_version < (1, 5, 0),
'docker module must be installed to run this test or is too old. >=1.5.0')
def test_remove_volume(self, *args):
'''
test remove volume.
'''
__salt__ = {
'config.get': Mock(),
'mine.send': Mock(),
}
client = Mock()
client.api_version = '1.21'
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
with patch.dict(docker_mod.__dict__,
{'__salt__': __salt__}):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod.remove_volume('foo')
client.remove_volume.assert_called_once_with('foo')
@skipIf(docker_version < (1, 5, 0),
'docker module must be installed to run this test or is too old. >=1.5.0')
def test_inspect_volume(self, *args):
'''
test inspect volume.
'''
__salt__ = {
'config.get': Mock(),
'mine.send': Mock(),
}
client = Mock()
client.api_version = '1.21'
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
with patch.dict(docker_mod.__dict__,
{'__salt__': __salt__}):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod.inspect_volume('foo')
client.inspect_volume.assert_called_once_with('foo')
def test_wait_success(self):
client = Mock()
client.api_version = '1.21'
client.wait = Mock(return_value=0)
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
docker_inspect_container = Mock(side_effect=[
{'State': {'Running': True}},
{'State': {'Stopped': True}}])
with patch.object(docker_mod, 'inspect_container',
docker_inspect_container):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod._clear_context()
result = docker_mod.wait('foo')
self.assertEqual(result, {'result': True,
'exit_status': 0,
'state': {'new': 'stopped',
'old': 'running'}})
def test_wait_fails_already_stopped(self):
client = Mock()
client.api_version = '1.21'
client.wait = Mock(return_value=0)
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
docker_inspect_container = Mock(side_effect=[
{'State': {'Stopped': True}},
{'State': {'Stopped': True}},
])
with patch.object(docker_mod, 'inspect_container',
docker_inspect_container):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod._clear_context()
result = docker_mod.wait('foo')
self.assertEqual(result, {'result': False,
'comment': "Container 'foo' already stopped",
'exit_status': 0,
'state': {'new': 'stopped',
'old': 'stopped'}})
def test_wait_success_already_stopped(self):
client = Mock()
client.api_version = '1.21'
client.wait = Mock(return_value=0)
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
docker_inspect_container = Mock(side_effect=[
{'State': {'Stopped': True}},
{'State': {'Stopped': True}},
])
with patch.object(docker_mod, 'inspect_container',
docker_inspect_container):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod._clear_context()
result = docker_mod.wait('foo', ignore_already_stopped=True)
self.assertEqual(result, {'result': True,
'comment': "Container 'foo' already stopped",
'exit_status': 0,
'state': {'new': 'stopped',
'old': 'stopped'}})
def test_wait_success_absent_container(self):
client = Mock()
client.api_version = '1.21'
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
docker_inspect_container = Mock(side_effect=CommandExecutionError)
with patch.object(docker_mod, 'inspect_container',
docker_inspect_container):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod._clear_context()
result = docker_mod.wait('foo', ignore_already_stopped=True)
self.assertEqual(result, {'result': True,
'comment': "Container 'foo' absent"})
def test_wait_fails_on_exit_status(self):
client = Mock()
client.api_version = '1.21'
client.wait = Mock(return_value=1)
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
docker_inspect_container = Mock(side_effect=[
{'State': {'Running': True}},
{'State': {'Stopped': True}}])
with patch.object(docker_mod, 'inspect_container',
docker_inspect_container):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod._clear_context()
result = docker_mod.wait('foo', fail_on_exit_status=True)
self.assertEqual(result, {'result': False,
'exit_status': 1,
'state': {'new': 'stopped',
'old': 'running'}})
def test_wait_fails_on_exit_status_and_already_stopped(self):
client = Mock()
client.api_version = '1.21'
client.wait = Mock(return_value=1)
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
docker_inspect_container = Mock(side_effect=[
{'State': {'Stopped': True}},
{'State': {'Stopped': True}}])
with patch.object(docker_mod, 'inspect_container',
docker_inspect_container):
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod._clear_context()
result = docker_mod.wait('foo',
ignore_already_stopped=True,
fail_on_exit_status=True)
self.assertEqual(result, {'result': False,
'comment': "Container 'foo' already stopped",
'exit_status': 1,
'state': {'new': 'stopped',
'old': 'stopped'}})
def test_sls_build(self, *args):
'''
test build sls image.
'''
docker_start_mock = MagicMock(
return_value={})
docker_create_mock = MagicMock(
return_value={'Id': 'ID', 'Name': 'NAME'})
docker_stop_mock = MagicMock(
return_value={'state': {'old': 'running', 'new': 'stopped'},
'result': True})
2017-02-16 20:33:21 +00:00
docker_rm_mock = MagicMock(return_value={})
docker_commit_mock = MagicMock(
return_value={'Id': 'ID2', 'Image': 'foo', 'Time_Elapsed': 42})
docker_sls_mock = MagicMock(
return_value={
"file_|-/etc/test.sh_|-/etc/test.sh_|-managed": {
"comment": "File /etc/test.sh is in the correct state",
"name": "/etc/test.sh",
"start_time": "07:04:26.834792",
"result": True,
"duration": 13.492,
"__run_num__": 0,
"changes": {}
},
"test_|-always-passes_|-foo_|-succeed_without_changes": {
"comment": "Success!",
"name": "foo",
"start_time": "07:04:26.848915",
"result": True,
"duration": 0.363,
"__run_num__": 1,
"changes": {}
}
})
2016-07-06 07:37:14 +00:00
ret = None
Many improvements to docker network and container states Much Improved Support for Docker Networking =========================================== The `docker_network.present` state has undergone a full rewrite, which includes the following improvements: Full API Support for Network Management --------------------------------------- The improvements made to input handling in the `docker_container.running` state for 2017.7.0 have now been expanded to docker_network.present`. This brings with it full support for all tunable configuration arguments. Custom Subnets -------------- Custom subnets can now be configured. Both IPv4 and mixed IPv4/IPv6 networks are supported. Network Configuration in :py:func:`docker_container.running` States ------------------------------------------------------------------- It is now possible to configure static IPv4/IPv6 addresses, as well as links and labels. Improved Handling of Images from Custom Registries ================================================== Rather than attempting to parse the tag from the passed image name, Salt will now resolve that tag down to an image ID and use that ID instead. Due to this change, there are some backward-incompatible changes to image management. See below for a full list of these changes. Backward-incompatible Changes to Docker Image Management -------------------------------------------------------- Passing image names to the following functions must now be done using separate `repository` and `tag` arguments: - `docker.build` - `docker.commit` - `docker.import` - `docker.load` - `docker.tag` - `docker.sls_build` Additionally, the `tag` argument must now be explicitly passed to the `docker_image.present` state, unless the image is being pulled from a docker registry.
2017-11-01 02:04:41 +00:00
with patch.object(docker_mod, 'start_', docker_start_mock), \
patch.object(docker_mod, 'create', docker_create_mock), \
patch.object(docker_mod, 'stop', docker_stop_mock), \
patch.object(docker_mod, 'commit', docker_commit_mock), \
patch.object(docker_mod, 'sls', docker_sls_mock), \
patch.object(docker_mod, 'rm_', docker_rm_mock):
ret = docker_mod.sls_build('foo', mods='foo')
docker_create_mock.assert_called_once_with(
cmd='sleep infinity',
2017-02-16 20:33:21 +00:00
image='opensuse/python', interactive=True, tty=True)
docker_start_mock.assert_called_once_with('ID')
docker_sls_mock.assert_called_once_with('ID', 'foo', 'base')
docker_stop_mock.assert_called_once_with('ID')
2017-02-16 20:33:21 +00:00
docker_rm_mock.assert_called_once_with('ID')
Many improvements to docker network and container states Much Improved Support for Docker Networking =========================================== The `docker_network.present` state has undergone a full rewrite, which includes the following improvements: Full API Support for Network Management --------------------------------------- The improvements made to input handling in the `docker_container.running` state for 2017.7.0 have now been expanded to docker_network.present`. This brings with it full support for all tunable configuration arguments. Custom Subnets -------------- Custom subnets can now be configured. Both IPv4 and mixed IPv4/IPv6 networks are supported. Network Configuration in :py:func:`docker_container.running` States ------------------------------------------------------------------- It is now possible to configure static IPv4/IPv6 addresses, as well as links and labels. Improved Handling of Images from Custom Registries ================================================== Rather than attempting to parse the tag from the passed image name, Salt will now resolve that tag down to an image ID and use that ID instead. Due to this change, there are some backward-incompatible changes to image management. See below for a full list of these changes. Backward-incompatible Changes to Docker Image Management -------------------------------------------------------- Passing image names to the following functions must now be done using separate `repository` and `tag` arguments: - `docker.build` - `docker.commit` - `docker.import` - `docker.load` - `docker.tag` - `docker.sls_build` Additionally, the `tag` argument must now be explicitly passed to the `docker_image.present` state, unless the image is being pulled from a docker registry.
2017-11-01 02:04:41 +00:00
docker_commit_mock.assert_called_once_with('ID', 'foo', tag='latest')
2016-07-06 07:37:14 +00:00
self.assertEqual(
{'Id': 'ID2', 'Image': 'foo', 'Time_Elapsed': 42}, ret)
def test_sls_build_dryrun(self, *args):
'''
test build sls image in dryrun mode.
'''
docker_start_mock = MagicMock(
return_value={})
docker_create_mock = MagicMock(
return_value={'Id': 'ID', 'Name': 'NAME'})
docker_stop_mock = MagicMock(
return_value={'state': {'old': 'running', 'new': 'stopped'},
'result': True})
docker_rm_mock = MagicMock(
return_value={})
docker_sls_mock = MagicMock(
return_value={
"file_|-/etc/test.sh_|-/etc/test.sh_|-managed": {
"comment": "File /etc/test.sh is in the correct state",
"name": "/etc/test.sh",
"start_time": "07:04:26.834792",
"result": True,
"duration": 13.492,
"__run_num__": 0,
"changes": {}
},
"test_|-always-passes_|-foo_|-succeed_without_changes": {
"comment": "Success!",
"name": "foo",
"start_time": "07:04:26.848915",
"result": True,
"duration": 0.363,
"__run_num__": 1,
"changes": {}
}
})
ret = None
Many improvements to docker network and container states Much Improved Support for Docker Networking =========================================== The `docker_network.present` state has undergone a full rewrite, which includes the following improvements: Full API Support for Network Management --------------------------------------- The improvements made to input handling in the `docker_container.running` state for 2017.7.0 have now been expanded to docker_network.present`. This brings with it full support for all tunable configuration arguments. Custom Subnets -------------- Custom subnets can now be configured. Both IPv4 and mixed IPv4/IPv6 networks are supported. Network Configuration in :py:func:`docker_container.running` States ------------------------------------------------------------------- It is now possible to configure static IPv4/IPv6 addresses, as well as links and labels. Improved Handling of Images from Custom Registries ================================================== Rather than attempting to parse the tag from the passed image name, Salt will now resolve that tag down to an image ID and use that ID instead. Due to this change, there are some backward-incompatible changes to image management. See below for a full list of these changes. Backward-incompatible Changes to Docker Image Management -------------------------------------------------------- Passing image names to the following functions must now be done using separate `repository` and `tag` arguments: - `docker.build` - `docker.commit` - `docker.import` - `docker.load` - `docker.tag` - `docker.sls_build` Additionally, the `tag` argument must now be explicitly passed to the `docker_image.present` state, unless the image is being pulled from a docker registry.
2017-11-01 02:04:41 +00:00
with patch.object(docker_mod, 'start_', docker_start_mock), \
patch.object(docker_mod, 'create', docker_create_mock), \
patch.object(docker_mod, 'stop', docker_stop_mock), \
patch.object(docker_mod, 'rm_', docker_rm_mock), \
patch.object(docker_mod, 'sls', docker_sls_mock):
ret = docker_mod.sls_build('foo', mods='foo', dryrun=True)
docker_create_mock.assert_called_once_with(
cmd='sleep infinity',
2017-02-16 20:33:21 +00:00
image='opensuse/python', interactive=True, tty=True)
docker_start_mock.assert_called_once_with('ID')
docker_sls_mock.assert_called_once_with('ID', 'foo', 'base')
docker_stop_mock.assert_called_once_with('ID')
docker_rm_mock.assert_called_once_with('ID')
self.assertEqual(
{
"file_|-/etc/test.sh_|-/etc/test.sh_|-managed": {
"comment": "File /etc/test.sh is in the correct state",
"name": "/etc/test.sh",
"start_time": "07:04:26.834792",
"result": True,
"duration": 13.492,
"__run_num__": 0,
"changes": {}
},
"test_|-always-passes_|-foo_|-succeed_without_changes": {
"comment": "Success!",
"name": "foo",
"start_time": "07:04:26.848915",
"result": True,
"duration": 0.363,
"__run_num__": 1,
"changes": {}
}
},
ret)
def test_call_success(self):
2016-07-06 09:49:39 +00:00
'''
test module calling inside containers
'''
ret = None
2016-07-06 09:49:39 +00:00
docker_run_all_mock = MagicMock(
return_value={
'retcode': 0,
'stdout': '{"retcode": 0, "comment": "container cmd"}',
'stderr': 'err',
})
docker_copy_to_mock = MagicMock(
return_value={
'retcode': 0
})
docker_config_mock = MagicMock(
return_value=''
)
2016-07-06 09:49:39 +00:00
client = Mock()
client.put_archive = Mock()
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
2016-07-06 09:49:39 +00:00
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
context = {'docker.exec_driver': 'docker-exec'}
salt_dunder = {'config.option': docker_config_mock}
Many improvements to docker network and container states Much Improved Support for Docker Networking =========================================== The `docker_network.present` state has undergone a full rewrite, which includes the following improvements: Full API Support for Network Management --------------------------------------- The improvements made to input handling in the `docker_container.running` state for 2017.7.0 have now been expanded to docker_network.present`. This brings with it full support for all tunable configuration arguments. Custom Subnets -------------- Custom subnets can now be configured. Both IPv4 and mixed IPv4/IPv6 networks are supported. Network Configuration in :py:func:`docker_container.running` States ------------------------------------------------------------------- It is now possible to configure static IPv4/IPv6 addresses, as well as links and labels. Improved Handling of Images from Custom Registries ================================================== Rather than attempting to parse the tag from the passed image name, Salt will now resolve that tag down to an image ID and use that ID instead. Due to this change, there are some backward-incompatible changes to image management. See below for a full list of these changes. Backward-incompatible Changes to Docker Image Management -------------------------------------------------------- Passing image names to the following functions must now be done using separate `repository` and `tag` arguments: - `docker.build` - `docker.commit` - `docker.import` - `docker.load` - `docker.tag` - `docker.sls_build` Additionally, the `tag` argument must now be explicitly passed to the `docker_image.present` state, unless the image is being pulled from a docker registry.
2017-11-01 02:04:41 +00:00
with patch.object(docker_mod, 'run_all', docker_run_all_mock), \
patch.object(docker_mod, 'copy_to', docker_copy_to_mock), \
patch.object(docker_mod, '_get_client', get_client_mock), \
patch.dict(docker_mod.__opts__, {'cachedir': '/tmp'}), \
patch.dict(docker_mod.__salt__, salt_dunder), \
patch.dict(docker_mod.__context__, context):
# call twice to verify tmp path later
for i in range(2):
ret = docker_mod.call('ID', 'test.arg', 1, 2, arg1='val1')
# Check that the directory is different each time
# [ call(name, [args]), ...
2017-05-03 00:50:03 +00:00
self.maxDiff = None
self.assertIn('mkdir', docker_run_all_mock.mock_calls[0][1][1])
2017-05-03 00:50:03 +00:00
self.assertIn('mkdir', docker_run_all_mock.mock_calls[4][1][1])
self.assertNotEqual(docker_run_all_mock.mock_calls[0][1][1],
docker_run_all_mock.mock_calls[4][1][1])
2017-05-03 00:50:03 +00:00
self.assertIn('salt-call', docker_run_all_mock.mock_calls[2][1][1])
self.assertIn('salt-call', docker_run_all_mock.mock_calls[6][1][1])
self.assertNotEqual(docker_run_all_mock.mock_calls[2][1][1],
2017-05-03 00:50:03 +00:00
docker_run_all_mock.mock_calls[6][1][1])
# check thin untar
self.assertIn('tarfile', docker_run_all_mock.mock_calls[1][1][1])
self.assertIn('tarfile', docker_run_all_mock.mock_calls[5][1][1])
self.assertNotEqual(docker_run_all_mock.mock_calls[1][1][1],
docker_run_all_mock.mock_calls[5][1][1])
2017-05-03 00:50:03 +00:00
# check directory cleanup
self.assertIn('rm -rf', docker_run_all_mock.mock_calls[3][1][1])
self.assertIn('rm -rf', docker_run_all_mock.mock_calls[7][1][1])
self.assertNotEqual(docker_run_all_mock.mock_calls[3][1][1],
docker_run_all_mock.mock_calls[7][1][1])
self.assertEqual({"retcode": 0, "comment": "container cmd"}, ret)
2016-07-06 09:49:39 +00:00
def test_images_with_empty_tags(self):
'''
docker 1.12 reports also images without tags with `null`.
'''
client = Mock()
client.api_version = '1.24'
client.images = Mock(
return_value=[{'Id': 'sha256:abcde',
'RepoTags': None},
{'Id': 'sha256:abcdef'},
{'Id': 'sha256:abcdefg',
'RepoTags': ['image:latest']}])
Improved Docker auth handling and other misc. Docker improvements This commit changes how we handle Docker authentication. We no longer try to auth when pushing/pulling images. This was initially done based on a misunderstanding of how authentication was handled in docker-py. docker-py will automagically use the base64-encoded username/password combination stored in config.json if present, so we don't need to auth at all for push or pull, docker-py will handle all of that. We just need to make sure that we get the auth info into the config.json. To do this I have added a login() function to the execution module, which uses the Docker CLI to authenticate (with output_loglevel set to "quiet" to suppress any logging of the credentials). The CLI is used in this instance because docker-py provides no interface by which to persist a login in the config.json; it can read from the file, but is not designed to *write* to it. Rather than trying to write to this file ourselves, and potentially breaking it when (not *if*) Docker decides to change the internal format of the JSON data structure, using the CLI is a way of future-proofing the authentication logic. Context caching of the docker-py client instance has also been removed. Context caching was used based on the same incorrect understanding of how docker-py handles authentication, and sought to avoid repeated login attempts. As that is no longer a concern, there is no need to cache the client instance in the context dunder because we don't really gain a performance benefit from it. The _image_wrapper() function has been removed, as it no longer serves any purpose, and the image-specific code in it that was still needed has been absorbed into the _client_wrapper() helper. The functions which used the _image_wrapper() helper (like push() and pull()) now use _client_wrapper(). Additionally, the decorators used to enforce a minimum Docker version (or Docker API version) have been removed. These are not necessary since docker-py handles raising exceptions when a given feature is not supported by the effective API version. The _client_wrapper() helper function now checks for miscellaneous docker exceptions by catching the docker.errors.DockerException class, which is the base class for the custom exceptions raised by docker-py, and by doing so catches exceptions raised due to API version incompatibility (and more). The list of functions in the top-level docstring has been removed as it is very out-of-date, and is somewhat superfluous anyway given that we have for some time now had a list of the functions on the right side of the page in the documentation. Other changes: - Fixed a bug I introduced when I overhauled the docker_container.running state, in which a container with no changes to be made, which was not running, would be started by the state even when test=True was passed. - Custom registry image names are now properly identified. The colon in the hostname of the custom registry was previously causing incorrect identification of the image name and tag, when no explicit tag was being passed (e.g. localhost:5000/myimage). - When configuring credentials, the creds for the Docker Hub can be configured under a registry named ``hub``. This keeps the user from having to figure out the registry URL and configure it in their Pillar data, and thus makes using this module easier. - Removes the email address from the documentation for credential configuration. This was probably initially added because docker-py accepts it as an argument, but it is entirely ignored for purposes of authentication (even by docker-py) and is thus unnecessary. Relic of an earlier time in Docker's history, perhaps? - Fixed RST references to functions which weren't caught when this module was renamed to dockermod.py - Allow filter arguments in docker.networks to be passed as a comma-separated list as well as a Python list, in keeping with general usage elsewhere in Salt.
2017-04-02 21:27:06 +00:00
get_client_mock = MagicMock(return_value=client)
with patch.object(docker_mod, '_get_client', get_client_mock):
docker_mod._clear_context()
result = docker_mod.images()
self.assertEqual(result,
{'sha256:abcdefg': {'RepoTags': ['image:latest']}})
def test_compare_container_image_id_resolution(self):
'''
2017-08-24 19:09:29 +00:00
Test comparing two containers when one's inspect output is an ID and
not formatted in image:tag notation.
'''
def _inspect_container_effect(id_):
return {
'container1': {'Config': {'Image': 'realimage:latest'},
2017-08-24 19:09:29 +00:00
'HostConfig': {}},
'container2': {'Config': {'Image': 'image_id'},
2017-08-24 19:09:29 +00:00
'HostConfig': {}},
}[id_]
def _inspect_image_effect(id_):
return {
'realimage:latest': {'Id': 'image_id'},
'image_id': {'Id': 'image_id'},
}[id_]
inspect_container_mock = MagicMock(side_effect=_inspect_container_effect)
inspect_image_mock = MagicMock(side_effect=_inspect_image_effect)
with patch.object(docker_mod, 'inspect_container', inspect_container_mock):
with patch.object(docker_mod, 'inspect_image', inspect_image_mock):
ret = docker_mod.compare_container('container1', 'container2')
self.assertEqual(ret, {})
def test_resolve_tag(self):
'''
Many improvements to docker network and container states Much Improved Support for Docker Networking =========================================== The `docker_network.present` state has undergone a full rewrite, which includes the following improvements: Full API Support for Network Management --------------------------------------- The improvements made to input handling in the `docker_container.running` state for 2017.7.0 have now been expanded to docker_network.present`. This brings with it full support for all tunable configuration arguments. Custom Subnets -------------- Custom subnets can now be configured. Both IPv4 and mixed IPv4/IPv6 networks are supported. Network Configuration in :py:func:`docker_container.running` States ------------------------------------------------------------------- It is now possible to configure static IPv4/IPv6 addresses, as well as links and labels. Improved Handling of Images from Custom Registries ================================================== Rather than attempting to parse the tag from the passed image name, Salt will now resolve that tag down to an image ID and use that ID instead. Due to this change, there are some backward-incompatible changes to image management. See below for a full list of these changes. Backward-incompatible Changes to Docker Image Management -------------------------------------------------------- Passing image names to the following functions must now be done using separate `repository` and `tag` arguments: - `docker.build` - `docker.commit` - `docker.import` - `docker.load` - `docker.tag` - `docker.sls_build` Additionally, the `tag` argument must now be explicitly passed to the `docker_image.present` state, unless the image is being pulled from a docker registry.
2017-11-01 02:04:41 +00:00
Test the resolve_tag function. It runs docker.insect_image on the image
name passed and then looks for the RepoTags key in the result
'''
id_ = 'sha256:6ad733544a6317992a6fac4eb19fe1df577d4dec7529efec28a5bd0edad0fd30'
tags = ['foo:latest', 'foo:bar']
mock_tagged = MagicMock(return_value={'Id': id_, 'RepoTags': tags})
mock_untagged = MagicMock(return_value={'Id': id_, 'RepoTags': []})
mock_unexpected = MagicMock(return_value={'Id': id_})
mock_not_found = MagicMock(side_effect=CommandExecutionError())
with patch.object(docker_mod, 'inspect_image', mock_tagged):
self.assertEqual(docker_mod.resolve_tag('foo'), tags[0])
self.assertEqual(docker_mod.resolve_tag('foo', all=True), tags)
with patch.object(docker_mod, 'inspect_image', mock_untagged):
self.assertEqual(docker_mod.resolve_tag('foo'), id_)
self.assertEqual(docker_mod.resolve_tag('foo', all=True), [id_])
with patch.object(docker_mod, 'inspect_image', mock_unexpected):
self.assertEqual(docker_mod.resolve_tag('foo'), id_)
self.assertEqual(docker_mod.resolve_tag('foo', all=True), [id_])
with patch.object(docker_mod, 'inspect_image', mock_not_found):
self.assertIs(docker_mod.resolve_tag('foo'), False)
self.assertIs(docker_mod.resolve_tag('foo', all=True), False)