mirror of
https://github.com/SAP/jenkins-library.git
synced 2024-12-12 10:55:20 +02:00
ec420b9dd0
This is because the cnb builder images usually don't run as root user. As a workaround we: - Copied the system truststore to a tmp-file - Added the certificates to the tmp-file - Set the `SSL_CERT_FILE` environment variable Co-authored-by: Philipp Stehle <philipp.stehle@sap.com> Co-authored-by: Sumit Kulhadia <sumit.kulhadia@sap.com>
238 lines
10 KiB
Go
238 lines
10 KiB
Go
package cmd
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/SAP/jenkins-library/pkg/cnbutils"
|
|
piperhttp "github.com/SAP/jenkins-library/pkg/http"
|
|
"github.com/SAP/jenkins-library/pkg/mock"
|
|
"github.com/SAP/jenkins-library/pkg/telemetry"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func newCnbBuildTestsUtils() cnbutils.MockUtils {
|
|
utils := cnbutils.MockUtils{
|
|
ExecMockRunner: &mock.ExecMockRunner{},
|
|
FilesMock: &mock.FilesMock{},
|
|
DockerMock: &cnbutils.DockerMock{},
|
|
}
|
|
return utils
|
|
}
|
|
|
|
func addBuilderFiles(utils *cnbutils.MockUtils) {
|
|
for _, path := range []string{detectorPath, builderPath, exporterPath} {
|
|
utils.FilesMock.AddFile(path, []byte(`xyz`))
|
|
}
|
|
}
|
|
|
|
func TestRunCnbBuild(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
commonPipelineEnvironment := cnbBuildCommonPipelineEnvironment{}
|
|
|
|
t.Run("success case (registry with https)", func(t *testing.T) {
|
|
t.Parallel()
|
|
registry := "some-registry"
|
|
config := cnbBuildOptions{
|
|
ContainerImageName: "my-image",
|
|
ContainerImageTag: "0.0.1",
|
|
ContainerRegistryURL: fmt.Sprintf("https://%s", registry),
|
|
DockerConfigJSON: "/path/to/config.json",
|
|
}
|
|
|
|
utils := newCnbBuildTestsUtils()
|
|
utils.FilesMock.AddFile(config.DockerConfigJSON, []byte(`{"auths":{"my-registry":{"auth":"dXNlcjpwYXNz"}}}`))
|
|
addBuilderFiles(&utils)
|
|
|
|
err := runCnbBuild(&config, &telemetry.CustomData{}, &utils, &commonPipelineEnvironment, &piperhttp.Client{})
|
|
|
|
assert.NoError(t, err)
|
|
runner := utils.ExecMockRunner
|
|
assert.Contains(t, runner.Env, "CNB_REGISTRY_AUTH={\"my-registry\":\"Basic dXNlcjpwYXNz\"}")
|
|
assert.Equal(t, "/cnb/lifecycle/detector", runner.Calls[0].Exec)
|
|
assert.Equal(t, "/cnb/lifecycle/builder", runner.Calls[1].Exec)
|
|
assert.Equal(t, "/cnb/lifecycle/exporter", runner.Calls[2].Exec)
|
|
assert.Equal(t, []string{"-buildpacks", "/cnb/buildpacks", "-order", "/cnb/order.toml", "-platform", "/platform"}, runner.Calls[0].Params)
|
|
assert.Equal(t, []string{"-buildpacks", "/cnb/buildpacks", "-platform", "/platform"}, runner.Calls[1].Params)
|
|
assert.Equal(t, []string{fmt.Sprintf("%s/%s:%s", registry, config.ContainerImageName, config.ContainerImageTag), fmt.Sprintf("%s/%s:latest", registry, config.ContainerImageName)}, runner.Calls[2].Params)
|
|
})
|
|
|
|
t.Run("success case (registry without https)", func(t *testing.T) {
|
|
t.Parallel()
|
|
registry := "some-registry"
|
|
config := cnbBuildOptions{
|
|
ContainerImageName: "my-image",
|
|
ContainerImageTag: "0.0.1",
|
|
ContainerRegistryURL: registry,
|
|
DockerConfigJSON: "/path/to/config.json",
|
|
}
|
|
|
|
utils := newCnbBuildTestsUtils()
|
|
utils.FilesMock.AddFile(config.DockerConfigJSON, []byte(`{"auths":{"my-registry":{"auth":"dXNlcjpwYXNz"}}}`))
|
|
addBuilderFiles(&utils)
|
|
|
|
err := runCnbBuild(&config, &telemetry.CustomData{}, &utils, &commonPipelineEnvironment, &piperhttp.Client{})
|
|
|
|
assert.NoError(t, err)
|
|
runner := utils.ExecMockRunner
|
|
assert.Contains(t, runner.Env, "CNB_REGISTRY_AUTH={\"my-registry\":\"Basic dXNlcjpwYXNz\"}")
|
|
assert.Equal(t, "/cnb/lifecycle/detector", runner.Calls[0].Exec)
|
|
assert.Equal(t, "/cnb/lifecycle/builder", runner.Calls[1].Exec)
|
|
assert.Equal(t, "/cnb/lifecycle/exporter", runner.Calls[2].Exec)
|
|
assert.Equal(t, []string{"-buildpacks", "/cnb/buildpacks", "-order", "/cnb/order.toml", "-platform", "/platform"}, runner.Calls[0].Params)
|
|
assert.Equal(t, []string{"-buildpacks", "/cnb/buildpacks", "-platform", "/platform"}, runner.Calls[1].Params)
|
|
assert.Equal(t, []string{fmt.Sprintf("%s/%s:%s", registry, config.ContainerImageName, config.ContainerImageTag), fmt.Sprintf("%s/%s:latest", registry, config.ContainerImageName)}, runner.Calls[2].Params)
|
|
})
|
|
|
|
t.Run("success case (custom buildpacks and custom env variables, renaming docker conf file)", func(t *testing.T) {
|
|
t.Parallel()
|
|
registry := "some-registry"
|
|
config := cnbBuildOptions{
|
|
ContainerImageName: "my-image",
|
|
ContainerImageTag: "0.0.1",
|
|
ContainerRegistryURL: registry,
|
|
DockerConfigJSON: "/path/to/test.json",
|
|
Buildpacks: []string{"test"},
|
|
BuildEnvVars: []string{"FOO=BAR"},
|
|
}
|
|
|
|
utils := newCnbBuildTestsUtils()
|
|
utils.FilesMock.AddFile(config.DockerConfigJSON, []byte(`{"auths":{"my-registry":{"auth":"dXNlcjpwYXNz"}}}`))
|
|
addBuilderFiles(&utils)
|
|
|
|
err := runCnbBuild(&config, &telemetry.CustomData{}, &utils, &commonPipelineEnvironment, &piperhttp.Client{})
|
|
|
|
assert.NoError(t, err)
|
|
runner := utils.ExecMockRunner
|
|
assert.Contains(t, runner.Env, "CNB_REGISTRY_AUTH={\"my-registry\":\"Basic dXNlcjpwYXNz\"}")
|
|
assert.Equal(t, "/cnb/lifecycle/detector", runner.Calls[0].Exec)
|
|
assert.Equal(t, "/cnb/lifecycle/builder", runner.Calls[1].Exec)
|
|
assert.Equal(t, "/cnb/lifecycle/exporter", runner.Calls[2].Exec)
|
|
assert.Equal(t, []string{"-buildpacks", "/tmp/buildpacks", "-order", "/tmp/buildpacks/order.toml", "-platform", "/tmp/platform"}, runner.Calls[0].Params)
|
|
assert.Equal(t, []string{"-buildpacks", "/tmp/buildpacks", "-platform", "/tmp/platform"}, runner.Calls[1].Params)
|
|
assert.Equal(t, []string{fmt.Sprintf("%s/%s:%s", registry, config.ContainerImageName, config.ContainerImageTag), fmt.Sprintf("%s/%s:latest", registry, config.ContainerImageName)}, runner.Calls[2].Params)
|
|
})
|
|
|
|
t.Run("success case (customTlsCertificates)", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
server := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
|
rw.Write([]byte("testCert"))
|
|
}))
|
|
// Close the server when test finishes
|
|
defer server.Close()
|
|
|
|
caCertsFile := "/etc/ssl/certs/ca-certificates.crt"
|
|
caCertsTmpFile := "/tmp/ca-certificates.crt"
|
|
registry := "some-registry"
|
|
config := cnbBuildOptions{
|
|
ContainerImageName: "my-image",
|
|
ContainerImageTag: "0.0.1",
|
|
ContainerRegistryURL: registry,
|
|
DockerConfigJSON: "/path/to/config.json",
|
|
Buildpacks: []string{"test"},
|
|
CustomTLSCertificateLinks: []string{server.URL, server.URL},
|
|
}
|
|
|
|
utils := newCnbBuildTestsUtils()
|
|
utils.FilesMock.AddFile(caCertsFile, []byte("test\n"))
|
|
utils.FilesMock.AddFile(config.DockerConfigJSON, []byte(`{"auths":{"my-registry":{"auth":"dXNlcjpwYXNz"}}}`))
|
|
addBuilderFiles(&utils)
|
|
|
|
err := runCnbBuild(&config, &telemetry.CustomData{}, &utils, &commonPipelineEnvironment, &piperhttp.Client{})
|
|
assert.NoError(t, err)
|
|
|
|
result, err := utils.FilesMock.FileRead(caCertsTmpFile)
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, "test\ntestCert\ntestCert\n", string(result))
|
|
|
|
assert.NoError(t, err)
|
|
runner := utils.ExecMockRunner
|
|
assert.Contains(t, runner.Env, "CNB_REGISTRY_AUTH={\"my-registry\":\"Basic dXNlcjpwYXNz\"}")
|
|
assert.Contains(t, runner.Env, fmt.Sprintf("SSL_CERT_FILE=%s", caCertsTmpFile))
|
|
assert.Equal(t, "/cnb/lifecycle/detector", runner.Calls[0].Exec)
|
|
assert.Equal(t, "/cnb/lifecycle/builder", runner.Calls[1].Exec)
|
|
assert.Equal(t, "/cnb/lifecycle/exporter", runner.Calls[2].Exec)
|
|
assert.Equal(t, []string{"-buildpacks", "/tmp/buildpacks", "-order", "/tmp/buildpacks/order.toml", "-platform", "/platform"}, runner.Calls[0].Params)
|
|
assert.Equal(t, []string{"-buildpacks", "/tmp/buildpacks", "-platform", "/platform"}, runner.Calls[1].Params)
|
|
assert.Equal(t, []string{fmt.Sprintf("%s/%s:%s", registry, config.ContainerImageName, config.ContainerImageTag), fmt.Sprintf("%s/%s:latest", registry, config.ContainerImageName)}, runner.Calls[2].Params)
|
|
})
|
|
|
|
t.Run("error case: Invalid DockerConfigJSON file", func(t *testing.T) {
|
|
t.Parallel()
|
|
config := cnbBuildOptions{
|
|
ContainerImageName: "my-image",
|
|
DockerConfigJSON: "/path/to/config.json",
|
|
}
|
|
|
|
utils := newCnbBuildTestsUtils()
|
|
utils.FilesMock.AddFile(config.DockerConfigJSON, []byte(`{"auths":{"my-registry":"dXNlcjpwYXNz"}}`))
|
|
addBuilderFiles(&utils)
|
|
|
|
err := runCnbBuild(&config, nil, &utils, &commonPipelineEnvironment, &piperhttp.Client{})
|
|
assert.EqualError(t, err, "failed to parse DockerConfigJSON file '/path/to/config.json': json: cannot unmarshal string into Go struct field ConfigFile.auths of type types.AuthConfig")
|
|
})
|
|
|
|
t.Run("error case: DockerConfigJSON file not there (config.json)", func(t *testing.T) {
|
|
t.Parallel()
|
|
config := cnbBuildOptions{
|
|
ContainerImageName: "my-image",
|
|
DockerConfigJSON: "not-there/config.json",
|
|
}
|
|
|
|
utils := newCnbBuildTestsUtils()
|
|
addBuilderFiles(&utils)
|
|
|
|
err := runCnbBuild(&config, nil, &utils, &commonPipelineEnvironment, &piperhttp.Client{})
|
|
assert.EqualError(t, err, "failed to read DockerConfigJSON file 'not-there/config.json': could not read 'not-there/config.json'")
|
|
})
|
|
|
|
t.Run("error case: DockerConfigJSON file not there (not config.json)", func(t *testing.T) {
|
|
t.Parallel()
|
|
config := cnbBuildOptions{
|
|
ContainerImageName: "my-image",
|
|
DockerConfigJSON: "not-there",
|
|
}
|
|
|
|
utils := newCnbBuildTestsUtils()
|
|
addBuilderFiles(&utils)
|
|
|
|
err := runCnbBuild(&config, nil, &utils, &commonPipelineEnvironment, &piperhttp.Client{})
|
|
assert.EqualError(t, err, "failed to rename DockerConfigJSON file 'not-there': renaming file 'not-there' is not supported, since it does not exist, or is not a leaf-entry")
|
|
})
|
|
|
|
t.Run("error case: dockerImage is not a valid builder", func(t *testing.T) {
|
|
t.Parallel()
|
|
config := cnbBuildOptions{}
|
|
|
|
utils := newCnbBuildTestsUtils()
|
|
|
|
err := runCnbBuild(&config, nil, &utils, &commonPipelineEnvironment, &piperhttp.Client{})
|
|
assert.EqualError(t, err, "the provided dockerImage is not a valid builder")
|
|
})
|
|
|
|
t.Run("error case: builder image does not contain tls certificates", func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
registry := "some-registry"
|
|
config := cnbBuildOptions{
|
|
ContainerImageName: "my-image",
|
|
ContainerImageTag: "0.0.1",
|
|
ContainerRegistryURL: registry,
|
|
DockerConfigJSON: "/path/to/config.json",
|
|
Buildpacks: []string{"test"},
|
|
CustomTLSCertificateLinks: []string{"http://example.com/certs.pem"},
|
|
}
|
|
|
|
utils := newCnbBuildTestsUtils()
|
|
utils.FilesMock.AddFile(config.DockerConfigJSON, []byte(`{"auths":{"my-registry":{"auth":"dXNlcjpwYXNz"}}}`))
|
|
addBuilderFiles(&utils)
|
|
|
|
err := runCnbBuild(&config, nil, &utils, &commonPipelineEnvironment, &piperhttp.Client{})
|
|
assert.EqualError(t, err, "failed to copy certificates: cannot copy '/etc/ssl/certs/ca-certificates.crt': file does not exist")
|
|
})
|
|
}
|