import json import pytest from app import docker_v2_signing_key from image.docker.schema1 import (DockerSchema1ManifestBuilder, DOCKER_SCHEMA1_SIGNED_MANIFEST_CONTENT_TYPE, DOCKER_SCHEMA1_MANIFEST_CONTENT_TYPE) from image.docker.schema2.manifest import (MalformedSchema2Manifest, DockerSchema2Manifest, DockerSchema2ManifestBuilder) from image.docker.schema2.test.test_config import CONFIG_BYTES @pytest.mark.parametrize('json_data', [ '', '{}', """ { "unknown": "key" } """, ]) def test_malformed_manifests(json_data): with pytest.raises(MalformedSchema2Manifest): DockerSchema2Manifest(json_data) MANIFEST_BYTES = json.dumps({ "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "config": { "mediaType": "application/vnd.docker.container.image.v1+json", "size": 1885, "digest": "sha256:b5b2b2c507a0944348e0303114d8d93aaaa081732b86451d9bce1f432a537bc7" }, "layers": [ { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "size": 1234, "digest": "sha256:ec4b8955958665577945c89419d1af06b5f7636b4ac3da7f12184802ad867736", }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "size": 32654, "digest": "sha256:e692418e4cbaf90ca69d05a66403747baa33ee08806650b51fab815ad7fc331f" }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "size": 16724, "digest": "sha256:3c3a4604a545cdc127456d94e421cd355bca5b528f4a9c1905b15da2eb4a4c6b" }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "size": 73109, "digest": "sha256:ec4b8955958665577945c89419d1af06b5f7636b4ac3da7f12184802ad867736" }, ], }) REMOTE_MANIFEST_BYTES = json.dumps({ "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.v2+json", "config": { "mediaType": "application/vnd.docker.container.image.v1+json", "size": 1885, "digest": "sha256:b5b2b2c507a0944348e0303114d8d93aaaa081732b86451d9bce1f432a537bc7", }, "layers": [ { "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip", "size": 1234, "digest": "sha256:ec4b8955958665577945c89419d1af06b5f7636b4ac3da7f12184802ad867736", "urls": ['http://some/url'], }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "size": 32654, "digest": "sha256:e692418e4cbaf90ca69d05a66403747baa33ee08806650b51fab815ad7fc331f" }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "size": 16724, "digest": "sha256:3c3a4604a545cdc127456d94e421cd355bca5b528f4a9c1905b15da2eb4a4c6b" }, { "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip", "size": 73109, "digest": "sha256:ec4b8955958665577945c89419d1af06b5f7636b4ac3da7f12184802ad867736" }, ], }) def test_valid_manifest(): manifest = DockerSchema2Manifest(MANIFEST_BYTES) assert manifest.config.size == 1885 assert str(manifest.config.digest) == 'sha256:b5b2b2c507a0944348e0303114d8d93aaaa081732b86451d9bce1f432a537bc7' assert manifest.media_type == "application/vnd.docker.distribution.manifest.v2+json" assert not manifest.has_remote_layer assert len(manifest.layers) == 4 assert manifest.layers[0].compressed_size == 1234 assert str(manifest.layers[0].digest) == 'sha256:ec4b8955958665577945c89419d1af06b5f7636b4ac3da7f12184802ad867736' assert not manifest.layers[0].is_remote assert manifest.leaf_layer == manifest.layers[3] assert not manifest.leaf_layer.is_remote assert manifest.leaf_layer.compressed_size == 73109 blob_digests = list(manifest.blob_digests) expected = [str(layer.digest) for layer in manifest.layers] + [manifest.config.digest] assert blob_digests == expected assert list(manifest.local_blob_digests) == expected def test_valid_remote_manifest(): manifest = DockerSchema2Manifest(REMOTE_MANIFEST_BYTES) assert manifest.config.size == 1885 assert str(manifest.config.digest) == 'sha256:b5b2b2c507a0944348e0303114d8d93aaaa081732b86451d9bce1f432a537bc7' assert manifest.media_type == "application/vnd.docker.distribution.manifest.v2+json" assert manifest.has_remote_layer assert len(manifest.layers) == 4 assert manifest.layers[0].compressed_size == 1234 assert str(manifest.layers[0].digest) == 'sha256:ec4b8955958665577945c89419d1af06b5f7636b4ac3da7f12184802ad867736' assert manifest.layers[0].is_remote assert manifest.layers[0].urls == ['http://some/url'] assert manifest.leaf_layer == manifest.layers[3] assert not manifest.leaf_layer.is_remote assert manifest.leaf_layer.compressed_size == 73109 expected = set([str(layer.digest) for layer in manifest.layers] + [manifest.config.digest]) blob_digests = set(manifest.blob_digests) local_digests = set(manifest.local_blob_digests) assert blob_digests == expected assert local_digests == (expected - {manifest.layers[0].digest}) assert manifest.has_remote_layer assert manifest.leaf_layer_v1_image_id is None assert manifest.legacy_image_ids is None def test_schema2_builder(): manifest = DockerSchema2Manifest(MANIFEST_BYTES) builder = DockerSchema2ManifestBuilder() builder.set_config_digest(manifest.config.digest, manifest.config.size) for layer in manifest.layers: builder.add_layer(layer.digest, layer.compressed_size, urls=layer.urls) built = builder.build() assert built.layers == manifest.layers assert built.config == manifest.config def test_get_manifest_labels(): labels = dict(foo='bar', baz='meh') def _lookup_config(digest): config_str = json.dumps({ "config": { "Labels": labels, }, "rootfs": {"type": "layers", "diff_ids": []}, "history": [], }) return config_str + ' ' * (1885 - len(config_str)) manifest = DockerSchema2Manifest(MANIFEST_BYTES) assert manifest.get_manifest_labels(_lookup_config) == labels def test_build_schema1(): manifest = DockerSchema2Manifest(MANIFEST_BYTES) assert not manifest.has_remote_layer builder = DockerSchema1ManifestBuilder('somenamespace', 'somename', 'sometag') manifest.populate_schema1_builder(builder, lambda digest: CONFIG_BYTES) schema1 = builder.build(docker_v2_signing_key) assert schema1.media_type == DOCKER_SCHEMA1_SIGNED_MANIFEST_CONTENT_TYPE assert len(schema1.layers) == len(manifest.layers) assert set(schema1.image_ids) == set([l.v1_id for l in manifest.layers_with_v1_ids]) assert set(schema1.parent_image_ids) == set([l.v1_parent_id for l in manifest.layers_with_v1_ids if l.v1_parent_id]) manifest_layers = list(manifest.layers_with_v1_ids) for index, layer in enumerate(schema1.layers): assert layer.digest == manifest_layers[index].layer.digest assert layer.v1_metadata.image_id == manifest_layers[index].v1_id assert layer.v1_metadata.parent_image_id == manifest_layers[index].v1_parent_id for index, digest in enumerate(schema1.blob_digests): assert digest == str(list(manifest.blob_digests)[index]) def test_get_v1_compatible_manifest(): def _get_config(digest): config_str = json.dumps({ "config": { "Labels": {}, }, "rootfs": {"type": "layers", "diff_ids": []}, "history": [ { "created": "2018-04-03T18:37:09.284840891Z", "created_by": "foo" }, { "created": "2018-04-12T18:37:09.284840891Z", "created_by": "bar" }, { "created": "2018-04-03T18:37:09.284840891Z", "created_by": "foo" }, { "created": "2018-04-12T18:37:09.284840891Z", "created_by": "bar" }, ], }) return config_str + ' ' * (1885 - len(config_str)) manifest = DockerSchema2Manifest(MANIFEST_BYTES) schema1 = manifest.get_v1_compatible_manifest('somenamespace', 'somename', 'sometag', _get_config) assert schema1 is not None assert schema1.media_type == DOCKER_SCHEMA1_MANIFEST_CONTENT_TYPE assert len(schema1.layers) == len(manifest.layers) assert set(schema1.image_ids) == set([l.v1_id for l in manifest.layers_with_v1_ids]) assert set(schema1.parent_image_ids) == set([l.v1_parent_id for l in manifest.layers_with_v1_ids if l.v1_parent_id]) def test_generate_legacy_layers(): builder = DockerSchema2ManifestBuilder() builder.add_layer('sha256:abc123', 123) builder.add_layer('sha256:def456', 789) builder.set_config_digest('sha256:def456', 2000) manifest = builder.build() def _lookup_config(digest): config_str = json.dumps({ "config": { }, "rootfs": {"type": "layers", "diff_ids": []}, "history": [ { "created": "2018-04-03T18:37:09.284840891Z", "created_by": "foo" }, { "created": "2018-04-12T18:37:09.284840891Z", "created_by": "bar" }, ], }) return config_str + ' ' * (2000 - len(config_str)) legacy_layers = list(manifest.generate_legacy_layers({}, _lookup_config)) assert len(legacy_layers) == 2 assert legacy_layers[0].content_checksum == 'sha256:abc123' assert legacy_layers[1].content_checksum == 'sha256:def456' assert legacy_layers[0].created == "2018-04-03T18:37:09.284840891Z" assert legacy_layers[1].created == "2018-04-12T18:37:09.284840891Z" assert legacy_layers[0].command == '"foo"' assert legacy_layers[1].command == '"bar"' assert legacy_layers[1].parent_image_id == legacy_layers[0].image_id assert legacy_layers[0].parent_image_id is None assert legacy_layers[0].image_id != legacy_layers[1] def test_remote_layer_manifest(): builder = DockerSchema2ManifestBuilder() builder.set_config_digest('sha256:abcd', 1234) builder.add_layer('sha256:adef', 1234, urls=['http://some/url']) builder.add_layer('sha256:1352', 4567) builder.add_layer('sha256:1353', 4567) manifest = builder.build() assert manifest.has_remote_layer assert manifest.leaf_layer_v1_image_id is None assert manifest.legacy_image_ids is None schema1 = manifest.get_v1_compatible_manifest('somenamespace', 'somename', 'sometag', None) assert schema1 is None assert set(manifest.blob_digests) == {'sha256:adef', 'sha256:abcd', 'sha256:1352', 'sha256:1353'} assert set(manifest.local_blob_digests) == {'sha256:abcd', 'sha256:1352', 'sha256:1353'}