From 78639f0217d4027bf2d5542473562a1634f92ba8 Mon Sep 17 00:00:00 2001
From: Michael Gugino <mgugino@redhat.com>
Date: Tue, 3 Oct 2017 18:50:10 -0400
Subject: docker_image_availability: credentials to skopeo

Currently, docker_image_availability health_check
does not support authenticated registries.

This commit adds the '--creds=' option to skopeo
if needed to support authentication credentials.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341

Some other fixes to handle docker config better:

Should now account properly for blocked registries, insecure registries,
multiple additional registries, and oreg_url registry with or without credentials.
Output on failure should be clearer about what was tried.

Fixed a bug in the action_plugin_test exposed by these changes.
---
 .../test/action_plugin_test.py                     |  1 +
 .../test/docker_image_availability_test.py         | 49 ++++------------------
 2 files changed, 10 insertions(+), 40 deletions(-)

(limited to 'roles/openshift_health_checker/test')

diff --git a/roles/openshift_health_checker/test/action_plugin_test.py b/roles/openshift_health_checker/test/action_plugin_test.py
index f14887303..40ad27d5d 100644
--- a/roles/openshift_health_checker/test/action_plugin_test.py
+++ b/roles/openshift_health_checker/test/action_plugin_test.py
@@ -94,6 +94,7 @@ def skipped(result):
     {},
 ])
 def test_action_plugin_missing_openshift_facts(plugin, task_vars, monkeypatch):
+    monkeypatch.setattr(plugin, 'load_known_checks', lambda *_: {})
     monkeypatch.setattr('openshift_health_check.resolve_checks', lambda *args: ['fake_check'])
     result = plugin.run(tmp=None, task_vars=task_vars)
 
diff --git a/roles/openshift_health_checker/test/docker_image_availability_test.py b/roles/openshift_health_checker/test/docker_image_availability_test.py
index 43dcf0c9a..dec99e5db 100644
--- a/roles/openshift_health_checker/test/docker_image_availability_test.py
+++ b/roles/openshift_health_checker/test/docker_image_availability_test.py
@@ -98,40 +98,7 @@ def test_all_images_unavailable(task_vars):
     actual = check.run()
 
     assert actual['failed']
-    assert "required Docker images are not available" in actual['msg']
-
-
-def test_no_known_registries():
-    def execute_module(module_name=None, *_):
-        if module_name == "command":
-            return {
-                'failed': True,
-            }
-
-        return {
-            'changed': False,
-        }
-
-    def mock_known_docker_registries():
-        return []
-
-    dia = DockerImageAvailability(execute_module, task_vars=dict(
-        openshift=dict(
-            common=dict(
-                service_type='origin',
-                is_containerized=False,
-                is_atomic=False,
-            )
-        ),
-        openshift_docker_additional_registries=["docker.io"],
-        openshift_deployment_type="openshift-enterprise",
-        openshift_image_tag='latest',
-        group_names=['oo_nodes_to_config', 'oo_masters_to_config'],
-    ))
-    dia.known_docker_registries = mock_known_docker_registries
-    actual = dia.run()
-    assert actual['failed']
-    assert "Unable to retrieve any docker registries." in actual['msg']
+    assert "required container images are not available" in actual['msg']
 
 
 @pytest.mark.parametrize("message,extra_words", [
@@ -172,13 +139,13 @@ def test_skopeo_update_failure(task_vars, message, extra_words):
             "spam/eggs:v1", ["test.reg"],
             True, True,
             False,
-            {"test.reg": False},
+            {"test.reg": False, "docker.io": False},
         ),
         (
             "spam/eggs:v1", ["test.reg"],
             False, True,
             False,
-            {"test.reg": True},
+            {"test.reg": True, "docker.io": True},
         ),
         (
             "eggs.reg/spam/eggs:v1", ["test.reg"],
@@ -195,17 +162,19 @@ def test_registry_availability(image, registries, connection_test_failed, skopeo
         elif module_name == "command":
             return dict(msg="msg", failed=skopeo_failed)
 
-    check = DockerImageAvailability(execute_module, task_vars())
+    tv = task_vars()
+    tv.update({"openshift_docker_additional_registries": registries})
+    check = DockerImageAvailability(execute_module, tv)
     check._module_retry_interval = 0
 
-    available = check.is_available_skopeo_image(image, registries)
+    available = check.is_available_skopeo_image(image)
     assert available == expect_success
     assert expect_registries_reached == check.reachable_registries
 
 
 @pytest.mark.parametrize("deployment_type, is_containerized, groups, oreg_url, expected", [
     (  # standard set of stuff required on nodes
-        "origin", False, ['oo_nodes_to_config'], None,
+        "origin", False, ['oo_nodes_to_config'], "",
         set([
             'openshift/origin-pod:vtest',
             'openshift/origin-deployer:vtest',
@@ -225,7 +194,7 @@ def test_registry_availability(image, registries, connection_test_failed, skopeo
         ])
     ),
     (
-        "origin", True, ['oo_nodes_to_config', 'oo_masters_to_config', 'oo_etcd_to_config'], None,
+        "origin", True, ['oo_nodes_to_config', 'oo_masters_to_config', 'oo_etcd_to_config'], "",
         set([
             # images running on top of openshift
             'openshift/origin-pod:vtest',
-- 
cgit v1.2.1