forked from crosslibs/img-authz-plugin
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathtests.py
93 lines (73 loc) · 2.92 KB
/
tests.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
#!/bin/python
# Docker Image Authorization Plugin
# Test scripts for authorization plugin
# Author: Chaitanya Prakash N <[email protected]>
import docker
import unittest
from subprocess import call
class TestAuthorizationPlugin(unittest.TestCase):
@classmethod
def setUpClass(cls):
call(["make"])
call(["make", "config"])
call(["make", "install"])
call(["systemctl", "daemon-reload"])
call(["systemctl", "restart", "img-authz-plugin"])
call(["systemctl", "start", "docker"])
def setup_with_registries(self, registries):
if registries == None:
registries = ""
call(["make", "config", "REGISTRIES=%s"%registries])
call(["make", "uninstall"])
call(["make", "install"])
call(["systemctl", "daemon-reload"])
call(["systemctl", "restart", "img-authz-plugin"])
def docker_pull(self, image):
client = docker.from_env()
try:
client.images.pull(image)
except docker.errors.APIError, exception:
return False
return True
def docker_run(self, image):
client = docker.from_env()
try:
client.containers.run(image, "echo 'from container'")
except docker.errors.APIError, exception:
return False
return True
def docker_pull_is_denied(self, image):
self.assertEqual(self.docker_pull(image), False)
def docker_pull_is_allowed(self, image):
self.assertEqual(self.docker_pull(image), True)
def docker_run_is_denied(self, image):
self.assertEqual(self.docker_run(image), False)
def docker_run_is_allowed(self, image):
self.assertEqual(self.docker_run(image), True)
def test_pull_is_not_allowed_when_no_registries_are_authorized(self):
self.setup_with_registries(None)
self.docker_pull_is_denied("alpine:latest")
def test_run_is_not_allowed_when_no_registries_are_authorized(self):
self.setup_with_registries(None)
self.docker_run_is_denied("alpine:latest")
def test_pull_is_not_allowed_when_registry_is_not_authorized(self):
self.setup_with_registries("library")
self.docker_pull_is_denied("my.docker.registry/alpine:latest")
def test_run_is_not_allowed_when_registry_is_not_authorized(self):
self.setup_with_registries("library")
self.docker_run_is_denied("my.docker.registry/alpine:latest")
def test_pull_is_allowed_when_registry_is_authorized(self):
self.setup_with_registries("library")
self.docker_pull_is_allowed("alpine:latest")
def test_run_is_allowed_when_registry_is_authorized(self):
self.setup_with_registries("library")
self.docker_run_is_allowed("alpine:latest")
def test_pull_is_allowed_when_multiple_registries_are_authorized(self):
self.setup_with_registries("my.docker.registry,library")
self.docker_pull_is_allowed("alpine:latest")
def test_run_is_allowed_when_multiple_registries_are_authorized(self):
self.setup_with_registries("my.docker.registry,library")
self.docker_run_is_allowed("alpine:latest")
# Start the tests
suite = unittest.TestLoader().loadTestsFromTestCase(TestAuthorizationPlugin)
unittest.TextTestRunner(verbosity=2).run(suite)