Skip to content

Commit

Permalink
fix: invalid push secret in bc when using internal registry
Browse files Browse the repository at this point in the history
  • Loading branch information
iocanel committed Sep 2, 2023
1 parent 01250df commit 9d4a8d4
Show file tree
Hide file tree
Showing 2 changed files with 59 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -244,21 +244,26 @@ public void configureExternalRegistry(ApplicationInfoBuildItem applicationInfo,
containerImageInfo.registry.ifPresent(registry -> {
final String name = applicationInfo.getName();
final String serviceAccountName = applicationInfo.getName();
String imagePushSecret = openshiftConfig.imagePushSecret.orElse(applicationInfo.getName() + "-push-secret");
String repositoryWithRegistry = registry + "/" + containerImageInfo.getRepository();

if (registry.contains(OPENSHIFT_INTERNAL_REGISTRY)) {
if (openshiftConfig.imagePushSecret.isPresent()) {
//if a push secret has been specified, we need to apply it.
String imagePushSecret = openshiftConfig.imagePushSecret.get();
decorator.produce(new DecoratorBuildItem(OPENSHIFT, new ApplyDockerImageOutputToBuildConfigDecorator(
applicationInfo.getName(), containerImageInfo.getImage(), imagePushSecret)));
} else if (registry.contains(OPENSHIFT_INTERNAL_REGISTRY)) {
//no special handling of secrets is really needed.
} else if (containerImageInfo.username.isPresent() && containerImageInfo.password.isPresent()) {
String imagePushSecret = applicationInfo.getName() + "-push-secret";
decorator.produce(new DecoratorBuildItem(OPENSHIFT,
new AddDockerConfigJsonSecretDecorator(imagePushSecret, containerImageInfo.registry.get(),
containerImageInfo.username.get(), containerImageInfo.password.get())));
decorator.produce(new DecoratorBuildItem(OPENSHIFT, new ApplyDockerImageOutputToBuildConfigDecorator(
applicationInfo.getName(), containerImageInfo.getImage(), imagePushSecret)));
} else {
LOG.warn("An external image registry has been specified, but no push secret or credentials.");
}

decorator.produce(new DecoratorBuildItem(OPENSHIFT, new ApplyDockerImageOutputToBuildConfigDecorator(
applicationInfo.getName(), containerImageInfo.getImage(), imagePushSecret)));
decorator.produce(new DecoratorBuildItem(OPENSHIFT,
new ApplyDockerImageRepositoryToImageStream(applicationInfo.getName(), repositoryWithRegistry)));
});
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
package io.quarkus.it.kubernetes;

import static org.assertj.core.api.Assertions.assertThat;

import java.io.IOException;
import java.nio.file.Path;
import java.util.List;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;

import io.fabric8.kubernetes.api.model.HasMetadata;
import io.fabric8.openshift.api.model.BuildConfig;
import io.quarkus.builder.Version;
import io.quarkus.maven.dependency.Dependency;
import io.quarkus.test.ProdBuildResults;
import io.quarkus.test.ProdModeTestResults;
import io.quarkus.test.QuarkusProdModeTest;

public class OpenshiftWithInternalRegistryTest extends BaseOpenshiftWithRemoteRegistry {

private static final String APP_NAME = "openshift-with-internal-registry";

@RegisterExtension
static final QuarkusProdModeTest config = new QuarkusProdModeTest()
.withApplicationRoot((jar) -> jar.addClasses(GreetingResource.class))
.setApplicationName(APP_NAME)
.setApplicationVersion("0.1-SNAPSHOT")
.overrideConfigKey("quarkus.container-image.group", "project")
.overrideConfigKey("quarkus.container-image.registry", "quay.io")
.overrideConfigKey("quarkus.openshift.generate-image-pull-secret", "true")
.setForcedDependencies(List.of(Dependency.of("io.quarkus", "quarkus-openshift", Version.getVersion())));

@ProdBuildResults
private ProdModeTestResults prodModeTestResults;

@Test
public void assertGeneratedResources() throws IOException {
Path buildDir = prodModeTestResults.getBuildDir();
List<HasMetadata> resourceList = getResources("openshift", buildDir);
assertThat(resourceList).filteredOn(h -> "BuildConfig".equals(h.getKind())).singleElement().satisfies(h -> {
assertThat(h.getMetadata()).satisfies(m -> {
assertThat(m.getName()).isEqualTo(APP_NAME);
});
assertThat(h).isInstanceOfSatisfying(BuildConfig.class, b -> {
assertThat(b.getSpec().getOutput().getPushSecret()).isNull();
});
});
}
}

0 comments on commit 9d4a8d4

Please sign in to comment.