// buildAndPushTestImagesTo builds a given number of test images. The images are pushed to a new image stream
// of given name under <tagPrefix><X> where X is a number of image starting from 1.
func buildAndPushTestImagesTo(oc *exutil.CLI, isName string, tagPrefix string, numberOfImages int) (tag2Image map[string]imageapi.Image, err error) {
dClient, err := testutil.NewDockerClient()
if err != nil {
return
}
tag2Image = make(map[string]imageapi.Image)
for i := 1; i <= numberOfImages; i++ {
tag := fmt.Sprintf("%s%d", tagPrefix, i)
dgst, err := imagesutil.BuildAndPushImageOfSizeWithDocker(oc, dClient, isName, tag, imageSize, 2, g.GinkgoWriter, true)
if err != nil {
return nil, err
}
ist, err := oc.Client().ImageStreamTags(oc.Namespace()).Get(isName, tag)
if err != nil {
return nil, err
}
if dgst != ist.Image.Name {
return nil, fmt.Errorf("digest of built image does not match stored: %s != %s", dgst, ist.Image.Name)
}
tag2Image[tag] = ist.Image
}
return
}
g.It(fmt.Sprintf("should deny a push of built image exceeding %s quota", imageapi.ResourceImageStreams), func() {
oc.SetOutputDir(exutil.TestContext.OutputDir)
defer tearDown(oc)
dClient, err := testutil.NewDockerClient()
o.Expect(err).NotTo(o.HaveOccurred())
outSink := g.GinkgoWriter
quota := kapi.ResourceList{
imageapi.ResourceImageStreams: resource.MustParse("0"),
}
_, err = createResourceQuota(oc, quota)
o.Expect(err).NotTo(o.HaveOccurred())
g.By(fmt.Sprintf("trying to push image exceeding quota %v", quota))
_, err = imagesutil.BuildAndPushImageOfSizeWithDocker(oc, dClient, "first", "refused", imageSize, 1, outSink, false)
o.Expect(err).NotTo(o.HaveOccurred())
quota, err = bumpQuota(oc, imageapi.ResourceImageStreams, 1)
o.Expect(err).NotTo(o.HaveOccurred())
g.By(fmt.Sprintf("trying to push image below quota %v", quota))
_, err = imagesutil.BuildAndPushImageOfSizeWithDocker(oc, dClient, "first", "tag1", imageSize, 1, outSink, true)
o.Expect(err).NotTo(o.HaveOccurred())
used, err := waitForResourceQuotaSync(oc, quotaName, quota)
o.Expect(err).NotTo(o.HaveOccurred())
o.Expect(assertQuotasEqual(used, quota)).NotTo(o.HaveOccurred())
g.By(fmt.Sprintf("trying to push image to existing image stream %v", quota))
_, err = imagesutil.BuildAndPushImageOfSizeWithDocker(oc, dClient, "first", "tag2", imageSize, 1, outSink, true)
o.Expect(err).NotTo(o.HaveOccurred())
g.It("registry can get access to manifest", func() {
oc.SetOutputDir(exutil.TestContext.OutputDir)
defer tearDown(oc)
g.By("set up policy for registry to have anonymous access to images")
err := oc.Run("policy").Args("add-role-to-user", "registry-viewer", "system:anonymous").Execute()
o.Expect(err).NotTo(o.HaveOccurred())
dClient, err := testutil.NewDockerClient()
o.Expect(err).NotTo(o.HaveOccurred())
registryURL, err := imagesutil.GetDockerRegistryURL(oc)
o.Expect(err).NotTo(o.HaveOccurred())
g.By("pushing image...")
imageDigest, err := imagesutil.BuildAndPushImageOfSizeWithDocker(oc, dClient, repoName, tagName, imageSize, 1, g.GinkgoWriter, true)
o.Expect(err).NotTo(o.HaveOccurred())
g.By("checking that the image converted...")
image, err := oc.AsAdmin().Client().Images().Get(imageDigest)
o.Expect(err).NotTo(o.HaveOccurred())
o.Expect(len(image.DockerImageManifest)).Should(o.Equal(0))
imageMetadataNotEmpty(image)
g.By("getting image manifest from docker-registry...")
conn, err := regclient.NewClient(10*time.Second, true).Connect(registryURL, true)
o.Expect(err).NotTo(o.HaveOccurred())
_, manifest, err := conn.ImageManifest(oc.Namespace(), repoName, tagName)
o.Expect(err).NotTo(o.HaveOccurred())
o.Expect(len(manifest)).Should(o.BeNumerically(">", 0))