containerPushToRegistry: Add possibility to copy image from private registry (#4242)

* Add possibility to copy image from private registry

* Fix tests

src/com/sap/piper/DockerUtils.groovy

@@ -37,20 +37,19 @@ class DockerUtils implements Serializable {
         def targetImageFullName = targetDockerRegistry + target.image
 
         if (!withDockerDaemon()) {
-            script.withCredentials([script.usernamePassword(
-                credentialsId: target.credentialsId,
-                passwordVariable: 'password',
-                usernameVariable: 'userid'
-            )]) {
-                skopeoMoveImage(sourceImageFullName, targetImageFullName, script.userid, script.password)
+            script.withCredentials([
+                script.usernamePassword(credentialsId: source.credentialsId, passwordVariable: 'src_password', usernameVariable: 'src_userid'), 
+                script.usernamePassword(credentialsId: target.credentialsId, passwordVariable: 'password', usernameVariable: 'userid')
+            ]) {
+                skopeoMoveImage(sourceImageFullName, script.src_userid, script.src_password, targetImageFullName, script.userid, script.password)
             }
         }
         //else not yet implemented here - available directly via containerPushToRegistry
 
     }
 
-    private void skopeoMoveImage(sourceImageFullName, targetImageFullName, targetUserId, targetPassword) {
-        script.sh "skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=${BashUtils.quoteAndEscape(targetUserId)}:${BashUtils.quoteAndEscape(targetPassword)} docker://${sourceImageFullName} docker://${targetImageFullName}"
+    private void skopeoMoveImage(sourceImageFullName, sourceUserId, sourcePassword, targetImageFullName, targetUserId, targetPassword) {
+        script.sh "skopeo copy --src-tls-verify=false --src-creds=${BashUtils.quoteAndEscape(sourceUserId)}:${BashUtils.quoteAndEscape(sourcePassword)} --dest-tls-verify=false --dest-creds=${BashUtils.quoteAndEscape(targetUserId)}:${BashUtils.quoteAndEscape(targetPassword)} docker://${sourceImageFullName} docker://${targetImageFullName}"
     }
 
 

test/groovy/ContainerPushToRegistryTest.groovy

@@ -293,10 +293,11 @@ class ContainerPushToRegistryTest extends BasePiperTest {
             dockerRegistryUrl: 'https://my.registry:55555',
             skopeoImage: 'skopeo:latest',
             sourceImage: 'sourceImage:sourceTag',
-            sourceRegistryUrl: 'https://my.source.registry:44444'
+            sourceRegistryUrl: 'https://my.source.registry:44444',
+            sourceCredentialsId: 'testCredentialsId'
         )
 
-        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:tag'))
+        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --src-creds=\'registryUser\':\'********\' --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:tag'))
         assertThat(dockerRule.dockerParams.dockerImage, is('skopeo:latest'))
     }
 
@@ -312,11 +313,12 @@ class ContainerPushToRegistryTest extends BasePiperTest {
             dockerRegistryUrl: 'https://my.registry:55555',
             sourceImage: 'sourceImage:sourceTag',
             sourceRegistryUrl: 'https://my.source.registry:44444',
+            sourceCredentialsId: 'testCredentialsId',
             tagLatest: true
         )
 
-        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:tag'))
-        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:latest'))
+        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --src-creds=\'registryUser\':\'********\' --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:tag'))
+        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --src-creds=\'registryUser\':\'********\' --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:latest'))
     }
 
     @Test
@@ -332,11 +334,12 @@ class ContainerPushToRegistryTest extends BasePiperTest {
             dockerRegistryUrl: 'https://my.registry:55555',
             sourceImage: 'sourceImage:sourceTag',
             sourceRegistryUrl: 'https://my.source.registry:44444',
+            sourceCredentialsId: 'testCredentialsId',
             tagArtifactVersion: true
         )
 
-        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:tag'))
-        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:1.0.0'))
+        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --src-creds=\'registryUser\':\'********\' --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:tag'))
+        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --src-creds=\'registryUser\':\'********\' --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:1.0.0'))
     }
 
     @Test
@@ -352,13 +355,14 @@ class ContainerPushToRegistryTest extends BasePiperTest {
             dockerRegistryUrl: 'https://my.registry:55555',
             sourceImage: 'sourceImage:sourceTag',
             sourceRegistryUrl: 'https://my.source.registry:44444',
+            sourceCredentialsId: 'testCredentialsId',
             tagLatest: true,
             tagArtifactVersion: true
         )
 
-        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:tag'))
-        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:latest'))
-        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:1.0.0'))
+        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --src-creds=\'registryUser\':\'********\' --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:tag'))
+        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --src-creds=\'registryUser\':\'********\' --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:latest'))
+        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --src-creds=\'registryUser\':\'********\' --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:1.0.0'))
     }
 
     @Test
@@ -371,10 +375,11 @@ class ContainerPushToRegistryTest extends BasePiperTest {
             dockerCredentialsId: 'testCredentialsId',
             dockerRegistryUrl: 'https://my.registry:55555',
             sourceImage: 'sourceImage:sourceTag',
-            sourceRegistryUrl: 'https://my.source.registry:44444'
+            sourceRegistryUrl: 'https://my.source.registry:44444',
+            sourceCredentialsId: 'testCredentialsId'
         )
 
-        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/sourceImage:sourceTag'))
+        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --src-creds=\'registryUser\':\'********\' --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/sourceImage:sourceTag'))
     }
 
     @Test
@@ -390,9 +395,10 @@ class ContainerPushToRegistryTest extends BasePiperTest {
             dockerCredentialsId: 'testCredentialsId',
             dockerRegistryUrl: 'https://my.registry:55555',
             sourceImage: 'sourceImage:sourceTag',
+            sourceCredentialsId: 'testCredentialsId'
         )
 
-        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/sourceImage:sourceTag'))
+        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --src-creds=\'registryUser\':\'********\' --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/sourceImage:sourceTag'))
     }
 
     @Test

test/groovy/com/sap/piper/DockerUtilsTest.groovy

@@ -68,7 +68,8 @@ class DockerUtilsTest extends BasePiperTest {
         dockerUtils.moveImage(
             [
                 registryUrl: 'https://my.source.registry:44444',
-                image: 'sourceImage:sourceTag'
+                image: 'sourceImage:sourceTag',
+                credentialsId: 'testCredentialsId'
             ],
             [
                 registryUrl: 'https://my.registry:55555',
@@ -77,7 +78,7 @@ class DockerUtilsTest extends BasePiperTest {
             ]
         )
 
-        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:tag'))
+        assertThat(shellCallRule.shell, hasItem('skopeo copy --src-tls-verify=false --src-creds=\'registryUser\':\'********\' --dest-tls-verify=false --dest-creds=\'registryUser\':\'********\' docker://my.source.registry:44444/sourceImage:sourceTag docker://my.registry:55555/testImage:tag'))
     }
 
     @Test

vars/containerPushToRegistry.groovy

@@ -127,14 +127,14 @@ void call(Map parameters = [:]) {
             ) {
 
                 if (!config.dockerArchive && !config.dockerBuildImage) {
-                    dockerUtils.moveImage([image: config.sourceImage, registryUrl: config.sourceRegistryUrl], [image: config.dockerImage, registryUrl: config.dockerRegistryUrl, credentialsId: config.dockerCredentialsId])
+                    dockerUtils.moveImage([image: config.sourceImage, registryUrl: config.sourceRegistryUrl, credentialsId: config.sourceCredentialsId], [image: config.dockerImage, registryUrl: config.dockerRegistryUrl, credentialsId: config.dockerCredentialsId])
                     if (config.tagLatest) {
                         def latestImage = "${config.dockerImage.split(':')[0]}:latest"
-                        dockerUtils.moveImage([image: config.sourceImage, registryUrl: config.sourceRegistryUrl], [image: latestImage, registryUrl: config.dockerRegistryUrl, credentialsId: config.dockerCredentialsId])
+                        dockerUtils.moveImage([image: config.sourceImage, registryUrl: config.sourceRegistryUrl, credentialsId: config.sourceCredentialsId], [image: latestImage, registryUrl: config.dockerRegistryUrl, credentialsId: config.dockerCredentialsId])
                     }
                     if (config.tagArtifactVersion) {
                         def imageName = "${config.dockerImage.split(':')[0]}:${config.artifactVersion}"
-                        dockerUtils.moveImage([image: config.sourceImage, registryUrl: config.sourceRegistryUrl], [image: imageName, registryUrl: config.dockerRegistryUrl, credentialsId: config.dockerCredentialsId])
+                        dockerUtils.moveImage([image: config.sourceImage, registryUrl: config.sourceRegistryUrl, credentialsId: config.sourceCredentialsId], [image: imageName, registryUrl: config.dockerRegistryUrl, credentialsId: config.dockerCredentialsId])
                     }
                 } else {
                     error "[${STEP_NAME}] Running on Kubernetes: Only moving images from one registry to another supported."