Skip to content

Commit

Permalink
chore: add test for Harbor 412 repackaging (#931)
Browse files Browse the repository at this point in the history
Signed-off-by: SdgJlbl <sarah.diot-girard@owkin.com>
  • Loading branch information
SdgJlbl authored Jun 14, 2024
1 parent b97d82c commit 682c4aa
Show file tree
Hide file tree
Showing 5 changed files with 38 additions and 10 deletions.
7 changes: 3 additions & 4 deletions backend/substrapp/compute_tasks/execute.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
from django.conf import settings

from orchestrator import get_orchestrator_client
from substrapp import docker_registry
from substrapp.compute_tasks import compute_task as task_utils
from substrapp.compute_tasks import errors as compute_task_errors
from substrapp.compute_tasks import image_builder
Expand All @@ -29,8 +30,6 @@
from substrapp.compute_tasks.environment import get_environment
from substrapp.compute_tasks.volumes import get_volumes
from substrapp.compute_tasks.volumes import get_worker_subtuple_pvc_name
from substrapp.docker_registry import get_container_image_name
from substrapp.docker_registry import get_entrypoint
from substrapp.exceptions import OrganizationError
from substrapp.exceptions import OrganizationHttpError
from substrapp.exceptions import PodReadinessTimeoutError
Expand Down Expand Up @@ -76,13 +75,13 @@ def execute_compute_task(ctx: Context) -> None:
pod_name = compute_pod.name

env = get_environment(ctx)
image = get_container_image_name(container_image_tag)
image = docker_registry.get_container_image_name(container_image_tag)

k8s_client = _get_k8s_client()

if _is_pod_creation_needed(compute_pod.label_selector, client=k8s_client):
# save entrypoint to DB
entrypoint = get_entrypoint(container_image_tag)
entrypoint = docker_registry.get_entrypoint(container_image_tag)

ImageEntrypoint.objects.get_or_create(
archive_checksum=ctx.function.archive_address.checksum, entrypoint_json=entrypoint
Expand Down
5 changes: 1 addition & 4 deletions backend/substrapp/docker_registry.py
Original file line number Diff line number Diff line change
Expand Up @@ -79,10 +79,7 @@ def get_request_docker_api(
if response.status_code != requests.status_codes.codes.ok:
if response.status_code == 412:
raise RegistryPreconditionFailedException(
f"The image requested at path {path} did not pass the "
"security checks; please contact an Harbor administrator "
"to ensure that the image was scanned, "
"and get more information about the CVE.",
f"The image located at {path} is either not scanned yet or not passing the vulnerability checks.",
response=response,
)
raise ImageNotFoundError(f"Error when querying docker-registry, status code: {response.status_code}")
Expand Down
4 changes: 2 additions & 2 deletions backend/substrapp/tasks/task.py
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
from django.conf import settings

import orchestrator
from substrapp.compute_tasks.compute_pod import delete_compute_plan_pods
from substrapp.compute_tasks import compute_pod
from substrapp.models import FailedAssetKind
from substrapp.task_routing import WORKER_QUEUE
from substrapp.tasks.tasks_asset_failure_report import store_asset_failure_report
Expand Down Expand Up @@ -74,7 +74,7 @@ def on_success(self, retval: dict[str, Any], task_id: str, args: tuple, kwargs:
def on_retry(self, exc: Exception, task_id: str, args: tuple, kwargs: dict[str, Any], einfo: ExceptionInfo) -> None:
_, task = self.split_args(args)
# delete compute pod to reset hardware resources
delete_compute_plan_pods(task.compute_plan_key)
compute_pod.delete_compute_plan_pods(task.compute_plan_key)
logger.info(
"Retrying task",
celery_task_id=task_id,
Expand Down
9 changes: 9 additions & 0 deletions backend/substrapp/tasks/tasks_compute_task.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@

import orchestrator
from backend.celery import app
from substrapp import docker_registry
from substrapp.clients import organization as organization_client
from substrapp.compute_tasks import compute_task as task_utils
from substrapp.compute_tasks import errors as compute_task_errors
Expand Down Expand Up @@ -120,6 +121,14 @@ def compute_task(self: ComputeTask, channel_name: str, serialized_task: str, com
except (task_utils.ComputePlanNonRunnableError, task_utils.TaskNonRunnableStatusError) as exception:
logger.exception(exception)
raise celery.exceptions.Ignore
except docker_registry.RegistryPreconditionFailedException as exception:
logger.exception(exception)
raise compute_task_errors.CeleryRetryError(
f"The image associated with the task {task.key} did not pass the "
"security checks; please contact an Harbor administrator "
"to ensure that the image was scanned, "
"and get more information about the CVE."
) from exception
except compute_task_errors.CeleryNoRetryError as exception:
logger.exception(exception)
raise
Expand Down
23 changes: 23 additions & 0 deletions backend/substrapp/tests/compute_tasks/test_compute_task.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,10 @@
import orchestrator
import orchestrator.client as orc_client
import orchestrator.mock as orc_mock
from substrapp import docker_registry
from substrapp.compute_tasks import compute_task as task_utils
from substrapp.compute_tasks.errors import CeleryRetryError
from substrapp.tasks import compute_task

RUNNABLE_TASK_STATUSES = task_utils._RUNNABLE_TASK_STATUSES
NON_RUNNABLE_TASK_STATUSES = [
Expand Down Expand Up @@ -122,3 +125,23 @@ def test_start_task_if_not_started(client: mock.Mock, status, should_update: boo

if should_update:
client.update_task_status.assert_called_once()


def test_compute_task_412_repackaged(mocker, celery_app, celery_worker):
mocker.patch(
"substrapp.docker_registry.get_request_docker_api",
side_effect=docker_registry.RegistryPreconditionFailedException,
)
mocker.patch("substrapp.compute_tasks.compute_pod.delete_compute_plan_pods")
task = orc_mock.ComputeTaskFactory()
with pytest.raises(CeleryRetryError) as exception:
r = compute_task.apply(
args=(
"channel-name",
task.model_dump_json(),
task.compute_plan_key,
),
retries=1,
)
r.get()
assert "please contact an Harbor administrator" in str(exception)

0 comments on commit 682c4aa

Please sign in to comment.