pytest-docker-registry-fixtures
Advanced tools
Pytest fixtures to instantiate and populated local docker registries, using lovely-pytest-docker and docker-py, for testing.
Update setup.py to include:
from distutils.core import setup
setup(
tests_require=["pytest-docker-registry-fixtures"]
)
All fixtures should be automatically included via the pytest11 entry point.
import requests
import pytest
from pytest_docker_registry_fixtures import DockerRegistryInsecure, DockerRegistrySecure # Optional, for typing
@pytest.mark.push_image("busybox:1.30.1", "alpine")
def test_docker_registry_secure(docker_registry_secure: DockerRegistrySecure):
response = requests.head(f"https://{docker_registry_secure.endpoint}/v2/",
headers=docker_registry_secure.auth_header,
verify=str(docker_registry_secure.cacerts),
)
assert response.status_code == 200
def test_docker_registry_insecure(docker_registry_insecure: DockerRegistryInsecure):
response = requests.head(f"http://{docker_registry_insecure.endpoint}/v2/")
assert response.status_code == 200
The push_image mark can optionally be added to stage images in the registry prior to testing. See Markers for details.
$ pip install pytest_docker_registry_fixtures
$ git clone https://github.com/crashvb/pytest-docker-registry-fixtures
$ cd pytest-docker-registry-fixtures
$ virtualenv env
$ source env/bin/activate
$ python -m pip install --editable .[dev]
Creates a Docker client using configuration values from environment variables. This fixture is used to replicate images into a registry.
from docker import DockerClient
def test_docker_pull(docker_client: DockerClient):
image = docker_client.image.pull("busybox:1.30.1")
Retrieves an HTTP basic authentication header that is populated with credentials that can access the secure docker registry service. The credentials are retrieved from the docker_registry_password and docker_registry_username fixtures. This fixture is used to replicate docker images into the secure docker registry service.
Locates a user-defined CA trust store (tests/cacerts) to use to verify connections to the secure docker registry service. If one cannot be located, a temporary trust store is created containing certificates from certifi and the docker_registry_certs fixture. This fixture is used to instantiate the secure docker registry service.
Returns the paths of the self-signed certificate authority certificate, certificate, and private key that are used by the secure docker registry service. This fixture is used to instantiate the secure docker registry service.
The following fields are defined in the tuple provided by this fixture:
Typing is provided by pytest_docker_registry_fixtures.DockerRegistryCerts.
Provides the path to a htpasswd file that is used by the secure docker registry service. If a user-defined htpasswd file (tests/htpasswd) can be located, it is used. Otherwise, a temporary htpasswd file is created using credentials from the docker_registry_password and docker_registry_username fixtures. This fixture is used to instantiate the secure docker registry service.
Configures and instantiates a docker registry without TLS or authentication.
import requests
from pytest_docker_registry_fixtures import DockerRegistryInsecure # Optional, for typing
def test_docker_registry_insecure(docker_registry_insecure: DockerRegistryInsecure):
for image_name in docker_registry_insecure.images:
response = requests.head(
f"http://{docker_registry_insecure.endpoint}/v2/{image_name.image}/manifests/{image_name.tag}",
)
assert response.status_code == 200
assert "Docker-Content-Digest" in response.headers
The following fields are defined in the tuple provided by this fixture:
Typing is provided by pytest_docker_registry_fixtures.DockerRegistryInsecure.
Provides a generated password to use for authentication to the secure docker registry service. This fixture is used to replicate docker images into the secure docker registry service.
Configures and instantiates a TLS enabled docker registry with HTTP basic authorization.
import requests
from pytest_docker_registry_fixtures import DockerRegistrySecure # Optional, for typing
def test_docker_registry_secure(docker_registry_secure: DockerRegistrySecure):
for image_name in docker_registry_secure.images:
response = requests.head(
f"https://{docker_registry_secure.endpoint}/v2/{image_name.image}/manifests/{image_name.tag}",
headers=docker_registry_secure.auth_header,
verify=str(docker_registry_secure.cacerts),
)
assert response.status_code == 200
assert "Docker-Content-Digest" in response.headers
The following fields are defined in the tuple provided by this fixture:
Typing is provided by pytest_docker_registry_fixtures.DockerRegistrySecure.
Provides an SSL context containing the CA trust store from the docker_registry_cacerts fixture. This fixture is used to instantiate the secure docker registry service.
Provides a generated username to use for authentication to the secure docker registry service. This fixture is used to replicate docker images into the secure docker registry service.
This fixture uses the docker_compose_files fixture to locate a user-defined docker-compose configuration file (typically tests/docker-compose.yml) that contains the pytest-docker-registry-insecure service. If one cannot be located, an embedded configuration is copied to a temporary location and returned. This fixture is used to instantiate the insecure docker registry service.
This fixture uses the docker_compose_files fixture to locate a user-defined docker-compose configuration file (typically tests/docker-compose.yml) that contains the pytest-docker-registry-secure service. If one cannot be located, an embedded configuration is copied to a temporary location and returned. This fixture is used to instantiate the secure docker registry service; however, unlike the configuration returned by the pdrf_docker_compose_insecure fixture, this configuration will be treated as a template; the $PATH_CERTIFICATE, $PATH_HTPASSWD, and $PATH_KEY tokens will be populated with the absolute paths provided by the docker_registry_certs and docker_registry_htpasswd fixtures, as appropriate.
This marker specifies the docker image name(s) that should be replicated to the docker registry service(s) prior to testing. It can ...
... decorate individual tests:
import pytest
from pytest_docker_registry_fixtures import DockerRegistrySecure # Optional, for typing
@pytest.mark.push_image("busybox:1.30.1", "alpine", "python,mysql:latest")
def test_docker_registry_secure(docker_registry_secure: DockerRegistrySecure):
...
... be specified in the pytestmark list at the module level:
#!/usr/bin/env python
import pytest
pytestmark = [pytest.mark.push_image("busybox:1.30.1", "alpine", "python,mysql:latest")]
...
... or be provided via the corresponding --push-image command-line argument:
python -m pytest --push-image busybox:1.30.1 --push-image alpine --push-image python,mysql:latest ...
This marker supports being specified multiple times, and removes duplicate image names (see Limitations below).
A helper function, get_pushed_images, is included for test scenarios that wish to inspect the maker directly:
import pytest
from pytest_docker_registry_fixtures import DockerRegistrySecure, get_pushed_images, ImageName
@pytest.mark.push_image("busybox:1.30.1")
def test_docker_registry_secure(docker_registry_secure: DockerRegistrySecure, request):
image_name = ImageName.parse(get_pushed_images(request)[0])
It is possible to instantiate multiple registry instances using the corresponding enumerated fixtures. All fixtures listed above have _*list (e.g. docker_registry_secure -> docker_registry_secure_list) versions that will return enumerated lists of corresponding data type.
For example:
import requests
from typing import List # Optional, for typing
from pytest_docker_registry_fixtures import DockerRegistrySecure # Optional, for typing
def test_docker_registry_secure_list(docker_registry_secure_list: List[DockerRegistrySecure]):
for docker_registry_secure in docker_registry_secure_list:
for image_name in docker_registry_secure.images:
response = requests.head(
f"https://{docker_registry_secure.endpoint}/v2/{image_name.image}/manifests/{image_name.tag}",
headers=docker_registry_secure.auth_header,
verify=str(docker_registry_secure.cacerts),
)
assert response.status_code == 200
assert "Docker-Content-Digest" in response.headers
It is possible to use both singular and enumerated fixtures within the same test context; however, the same values will be returned for the singular fixture as the first enumerated list value (i.e. docker_registry_secure == docker_registry_secure_list[0]). To avoid complications with lower layers, mainly docker-compose, and to allow for this interchangeability, caching is used internally.
By default, the scale factor of the enumerated instances is set to one (n=1). This value can be changed by overriding the pdrf_scale_factor fixture, as follows:
import pytest
@pytest.fixture(scope="session")
def pdrf_scale_factor() -> int:
return 4
This fixture will be used to scale both the insecure and secure docker registries.
push_image marker is processed as part of the docker_registry_insecure and docker_registry_secure fixtures. As such:FAQs
Pytest fixtures for testing with docker registries.
We found that pytest-docker-registry-fixtures demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.