e2e podman private registry #17642
e2e podman private registry #17642
Conversation
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
842e44a
to
3227041
Compare
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
3227041
to
bebbc16
Compare
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
2ec4660
to
bbe48bb
Compare
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
946e613
to
026129e
Compare
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
490cf77
to
3843526
Compare
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
9472a6b
to
23d48ce
Compare
This PR adds e2e tests that stands up a private docker registry and has a podman tasks run a container from an image in that private registry. Tests - user:password set in task config - auth_soft_fail works for public images when auth is set in driver - credentials helper is set in driver auth config - config auth.json file is set in driver auth config
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
e5baa60
to
79844cb
Compare
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
82416f7
to
3006a2c
Compare
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
3006a2c
to
f32a57c
Compare
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
f32a57c
to
feea8b9
Compare
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
feea8b9
to
68440d3
Compare
shoenig
force-pushed
the
e2e-podman-private-registry
branch
from
68440d3
to
abaa4fd
Compare
| # This job runs after the private registry is up and running, when we know | ||
| # address and port provided by the bridge network. It is a sysbatch job | ||
| # that writes these files on every linux client. | ||
| # - /usr/local/bin/docker-credential-test.sh |
There was a problem hiding this comment.
this is "docker-credential-" rather than "podman-credential-" because the registry itself is docker?
There was a problem hiding this comment.
It's just because the "official" credentials helpers in the ecosystem are provided by docker and their documentation prefixes everything using "docker-credential-"
https://github.com/docker/docker-credential-helpers/tree/master
I suppose we could search for either prefix, but unless someone actually asks for it I think we should just keep it simple and working with the known tools.
|
|
||
| # write out the test.sh file into var.helper_dir | ||
| task "create-helper-file" { | ||
| driver = "pledge" |
| destination = "local/auth.json" | ||
| data = <<EOH | ||
| { | ||
| "auths": { |
There was a problem hiding this comment.
This one's pretty trivial, but I like jsonencode to avoid possibly-invalid raw json.
| # Copyright (c) HashiCorp, Inc. | ||
| # SPDX-License-Identifier: MPL-2.0 | ||
|
|
||
| # This job stands up a private container registry for use in e2e tests. |
There was a problem hiding this comment.
idle pondering: I wonder if a general version of this might be nice for other things one day.
There was a problem hiding this comment.
we should at least add similar tests for the docker driver, but that's for another PR
| jobs3.Var("user", "root"), | ||
| jobs3.Var("helper_dir", "/usr/local/bin"), | ||
| jobs3.Var("auth_dir", "/etc"), | ||
| jobs3.WaitComplete("create-files"), |
There was a problem hiding this comment.
took me a minute to determine that "create-files" here is a task group name?
There was a problem hiding this comment.
oh good feedback, maybe this could be WaitGroupComplete or something
| sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | ||
| wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg | ||
| echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list | ||
| sudo apt-get update && sudo apt-get install nomad |
There was a problem hiding this comment.
nomad is already being installed on line 65 down below with consul-enterprise. could save an apt update here too and let line 60 handle that.
Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>
* e2e: add tests for using private registry with podman driver This PR adds e2e tests that stands up a private docker registry and has a podman tasks run a container from an image in that private registry. Tests - user:password set in task config - auth_soft_fail works for public images when auth is set in driver - credentials helper is set in driver auth config - config auth.json file is set in driver auth config * packer: use nomad-driver-podman v0.5.0 * e2e: eliminate unnecessary chmod Co-authored-by: Daniel Bennett <dbennett@hashicorp.com> * cr: no need to install nomad twice * cl: no need to install docker twice --------- Co-authored-by: Daniel Bennett <dbennett@hashicorp.com>
note: I had to add
-kto a few curl commands - I'm fairly sure the base Ubuntu image did a Bad Thing to its own trust store / curl package and we'll need to ignore certificate errors until that is fixed. Also replaced the use of the deprecatedapt-keycommand with the gpg/tee dance recommended by Docker and Hashicorp packaging.e2e: add a test for using private registry with podman driver
This PR adds e2e tests that stands up a private docker registry
and has a podman tasks run a container from an image in that private
registry.
Tests
Spot check against e2e: