From 9d4a8d4a7dfca1205a3f340abb4636cce19f6d37 Mon Sep 17 00:00:00 2001 From: Ioannis Canellos Date: Sat, 2 Sep 2023 13:36:21 +0300 Subject: [PATCH] fix: invalid push secret in bc when using internal registry --- .../deployment/OpenshiftProcessor.java | 13 +++-- .../OpenshiftWithInternalRegistryTest.java | 50 +++++++++++++++++++ 2 files changed, 59 insertions(+), 4 deletions(-) create mode 100644 integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/OpenshiftWithInternalRegistryTest.java diff --git a/extensions/container-image/container-image-openshift/deployment/src/main/java/io/quarkus/container/image/openshift/deployment/OpenshiftProcessor.java b/extensions/container-image/container-image-openshift/deployment/src/main/java/io/quarkus/container/image/openshift/deployment/OpenshiftProcessor.java index 150961baabacb..13584271e1bb5 100644 --- a/extensions/container-image/container-image-openshift/deployment/src/main/java/io/quarkus/container/image/openshift/deployment/OpenshiftProcessor.java +++ b/extensions/container-image/container-image-openshift/deployment/src/main/java/io/quarkus/container/image/openshift/deployment/OpenshiftProcessor.java @@ -244,21 +244,26 @@ public void configureExternalRegistry(ApplicationInfoBuildItem applicationInfo, containerImageInfo.registry.ifPresent(registry -> { final String name = applicationInfo.getName(); final String serviceAccountName = applicationInfo.getName(); - String imagePushSecret = openshiftConfig.imagePushSecret.orElse(applicationInfo.getName() + "-push-secret"); String repositoryWithRegistry = registry + "/" + containerImageInfo.getRepository(); - if (registry.contains(OPENSHIFT_INTERNAL_REGISTRY)) { + if (openshiftConfig.imagePushSecret.isPresent()) { + //if a push secret has been specified, we need to apply it. + String imagePushSecret = openshiftConfig.imagePushSecret.get(); + decorator.produce(new DecoratorBuildItem(OPENSHIFT, new ApplyDockerImageOutputToBuildConfigDecorator( + applicationInfo.getName(), containerImageInfo.getImage(), imagePushSecret))); + } else if (registry.contains(OPENSHIFT_INTERNAL_REGISTRY)) { //no special handling of secrets is really needed. } else if (containerImageInfo.username.isPresent() && containerImageInfo.password.isPresent()) { + String imagePushSecret = applicationInfo.getName() + "-push-secret"; decorator.produce(new DecoratorBuildItem(OPENSHIFT, new AddDockerConfigJsonSecretDecorator(imagePushSecret, containerImageInfo.registry.get(), containerImageInfo.username.get(), containerImageInfo.password.get()))); + decorator.produce(new DecoratorBuildItem(OPENSHIFT, new ApplyDockerImageOutputToBuildConfigDecorator( + applicationInfo.getName(), containerImageInfo.getImage(), imagePushSecret))); } else { LOG.warn("An external image registry has been specified, but no push secret or credentials."); } - decorator.produce(new DecoratorBuildItem(OPENSHIFT, new ApplyDockerImageOutputToBuildConfigDecorator( - applicationInfo.getName(), containerImageInfo.getImage(), imagePushSecret))); decorator.produce(new DecoratorBuildItem(OPENSHIFT, new ApplyDockerImageRepositoryToImageStream(applicationInfo.getName(), repositoryWithRegistry))); }); diff --git a/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/OpenshiftWithInternalRegistryTest.java b/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/OpenshiftWithInternalRegistryTest.java new file mode 100644 index 0000000000000..66d3817d6aa2c --- /dev/null +++ b/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/OpenshiftWithInternalRegistryTest.java @@ -0,0 +1,50 @@ +package io.quarkus.it.kubernetes; + +import static org.assertj.core.api.Assertions.assertThat; + +import java.io.IOException; +import java.nio.file.Path; +import java.util.List; + +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.RegisterExtension; + +import io.fabric8.kubernetes.api.model.HasMetadata; +import io.fabric8.openshift.api.model.BuildConfig; +import io.quarkus.builder.Version; +import io.quarkus.maven.dependency.Dependency; +import io.quarkus.test.ProdBuildResults; +import io.quarkus.test.ProdModeTestResults; +import io.quarkus.test.QuarkusProdModeTest; + +public class OpenshiftWithInternalRegistryTest extends BaseOpenshiftWithRemoteRegistry { + + private static final String APP_NAME = "openshift-with-internal-registry"; + + @RegisterExtension + static final QuarkusProdModeTest config = new QuarkusProdModeTest() + .withApplicationRoot((jar) -> jar.addClasses(GreetingResource.class)) + .setApplicationName(APP_NAME) + .setApplicationVersion("0.1-SNAPSHOT") + .overrideConfigKey("quarkus.container-image.group", "project") + .overrideConfigKey("quarkus.container-image.registry", "quay.io") + .overrideConfigKey("quarkus.openshift.generate-image-pull-secret", "true") + .setForcedDependencies(List.of(Dependency.of("io.quarkus", "quarkus-openshift", Version.getVersion()))); + + @ProdBuildResults + private ProdModeTestResults prodModeTestResults; + + @Test + public void assertGeneratedResources() throws IOException { + Path buildDir = prodModeTestResults.getBuildDir(); + List resourceList = getResources("openshift", buildDir); + assertThat(resourceList).filteredOn(h -> "BuildConfig".equals(h.getKind())).singleElement().satisfies(h -> { + assertThat(h.getMetadata()).satisfies(m -> { + assertThat(m.getName()).isEqualTo(APP_NAME); + }); + assertThat(h).isInstanceOfSatisfying(BuildConfig.class, b -> { + assertThat(b.getSpec().getOutput().getPushSecret()).isNull(); + }); + }); + } +}