Fix docker registry idempotency and add windows acceptance tests

Author: florindragos

Diff for: manifests/registry.pp

@@ -83,12 +83,19 @@
   }
 
   $docker_auth = "${title}${auth_environment}${auth_cmd}${local_user}"
-  if $receipt {
 
-    # server may be an URI, which can contain /
-    $server_strip = regsubst($server, '/', '_', 'G')
+  if $auth_environment != '' {
+    $exec_env = concat($exec_environment, $auth_environment, "docker_auth=${docker_auth}")
+  } else {
+    $exec_env = concat($exec_environment, "docker_auth=${docker_auth}")
+  }
+
+  if $receipt {
 
     if $::osfamily != 'windows' {
+      # server may be an URI, which can contain /
+      $server_strip = regsubst($server, '/', '_', 'G')
+
       # no - with pw_hash
       $local_user_strip = regsubst($local_user, '-', '', 'G')
 
@@ -104,34 +111,32 @@
         notify  => Exec["${title} auth"],
       }
     } else {
-      $_auth_command = $auth_cmd
-      $pw_hash_path = 'C:/Windows/Temp/compute_hash.ps1'
+      # server may be an URI, which can contain /
+      $server_strip = regsubst($server, '[/:]', '_', 'G')
       $passfile = "C:/Windows/Temp/registry-auth-puppet_receipt_${server_strip}_${local_user}"
-      file{ $pw_hash_path:
-          ensure  => present,
-          force   => true,
-          content => template('docker/windows/compute_hash.ps1.erb'),
-          notify  => Exec['compute-hash']
-      }
-      exec { 'compute-hash':
-          command     => "& ${pw_hash_path}",
-          provider    => $exec_provider,
-          refreshonly => true,
-          logoutput   => true,
-          notify      => Exec["${title} auth"],
+      $_auth_command = "if (-not (${auth_cmd})) { Remove-Item -Path ${passfile} -Force -Recurse -EA SilentlyContinue; exit 0 } else { exit 0 }"
+
+      if $ensure == 'absent' {
+        file { $passfile:
+          ensure => $ensure,
+          notify => Exec["${title} auth"],
+        }
+      } elsif $ensure == 'present' {
+        exec { 'compute-hash':
+            command     => template('docker/windows/compute_hash.ps1.erb'),
+            environment => $exec_env,
+            provider    => $exec_provider,
+            logoutput   => true,
+            unless      => template('docker/windows/check_hash.ps1.erb'),
+            notify      => Exec["${title} auth"],
         }
+      }
     }
   }
   else {
     $_auth_command = $auth_cmd
   }
 
-  if $auth_environment != '' {
-    $exec_env = concat($exec_environment, $auth_environment, "docker_auth=${docker_auth}")
-  } else {
-    $exec_env = concat($exec_environment, "docker_auth=${docker_auth}")
-  }
-
   exec { "${title} auth":
     environment => $exec_env,
     command     => $_auth_command,

Diff for: spec/acceptance/docker_spec.rb

@@ -2,21 +2,43 @@
 
 broken = false
 
+registry_port = 5000
+
 if fact('osfamily') == 'windows'
-  puts "Not implemented on Windows"
+  win_host = only_host_with_role(hosts, 'default')
+  @windows_ip = win_host.ip
+  docker_arg = "docker_ee => true, extra_parameters => '\"insecure-registries\": [ \"#{@windows_ip}:5000\" ]'"
+  docker_registry_image = 'stefanscherer/registry-windows'
+  docker_network = 'nat'
+  registry_host = @windows_ip
+  config_file = '/cygdrive/c/Users/Administrator/.docker/config.json'
+  root_dir = "C:/Windows/Temp"
+  server_strip = "#{registry_host}_#{registry_port}"
+  bad_server_strip = "#{registry_host}_5001"
   broken = true
-elsif fact('osfamily') == 'RedHat'
-  docker_args = "repo_opt => '--enablerepo=localmirror-extras'" 
+else
+  if fact('osfamily') == 'RedHat'
+    docker_args = "repo_opt => '--enablerepo=localmirror-extras'"
+  else
+    docker_arg = ''
+  end
+  docker_registry_image = 'registry'
+  docker_network = 'bridge'
+  registry_host = '127.0.0.1'
+  server_strip = "#{registry_host}:#{registry_port}"
+  bad_server_strip = "#{registry_host}:5001"
+  config_file = '/root/.docker/config.json'
+  root_dir = "/root"
 end
 
-describe 'docker', :win_broken => broken do
+describe 'docker' do
   package_name = 'docker-ce'
   service_name = 'docker'
   command = 'docker'
 
-  context 'When adding system user' do
+  context 'When adding system user', :win_broken => broken do
     let(:pp) {"
-            class { 'docker':
+            class { 'docker': #{docker_arg}
               docker_users => ['user1']
             }
     "}
@@ -28,7 +50,7 @@ class { 'docker':
      end
    end
 
-  context 'with default parameters' do
+  context 'with default parameters', :win_broken => broken do
     let(:pp) {"
 			class { 'docker':
         docker_users => [ 'testuser' ],
@@ -97,7 +119,7 @@ class { 'docker':
     end
   end
 
-  context "When asked to have the latest image of something" do
+  context "When asked to have the latest image of something", :win_broken => broken do
     let(:pp) {"
         class { 'docker':
           docker_users => [ 'testuser' ]
@@ -112,7 +134,7 @@ class { 'docker':
     end
   end
 
-  context "When registry_mirror is set" do
+  context "When registry_mirror is set", :win_broken => broken do
     let(:pp) {"
       class { 'docker':
         registry_mirror => 'http://testmirror.io'
@@ -131,23 +153,22 @@ class { 'docker':
 
   context 'registry' do
     before(:all) do
-      registry_host = 'localhost'
-      registry_port = 5000
       @registry_address = "#{registry_host}:#{registry_port}"
       @registry_bad_address = "#{registry_host}:5001"
       # @registry_email = '[email protected]'
-      @config_file = '/root/.docker/config.json'
       @manifest = <<-EOS
-        class { 'docker': }
+        class { 'docker': #{docker_arg}}
         docker::run { 'registry':
-          image         => 'registry',
+          image         => '#{docker_registry_image}',
           pull_on_start => true,
+          restart       => 'always',
+          net           => '#{docker_network}',
           ports         => '#{registry_port}:#{registry_port}',
-          volumes       => '/tmp/registry-dev',
         }
       EOS
-
-      apply_manifest(@manifest, :catch_failures=>true)
+      retry_on_error_matching(60, 5, /connection failure running/) do
+        apply_manifest(@manifest, :catch_failures=>true)
+      end
       # avoid a race condition with the registry taking time to start
       # on some operating systems
       sleep 10
@@ -161,8 +182,8 @@ class { 'docker': }
         }
       EOS
       apply_manifest(manifest, :catch_failures=>true)
-      shell("grep #{@registry_address} #{@config_file}", :acceptable_exit_codes => [0])
-      shell("test -e \"/root/registry-auth-puppet_receipt_#{@registry_address}_root\"", :acceptable_exit_codes => [0])
+      shell("grep #{@registry_address} #{config_file}", :acceptable_exit_codes => [0])
+      shell("test -e \"#{root_dir}/registry-auth-puppet_receipt_#{server_strip}_root\"", :acceptable_exit_codes => [0])
     end
 
     it 'should be able to logout from the registry' do
@@ -172,7 +193,7 @@ class { 'docker': }
         }
       EOS
       apply_manifest(manifest, :catch_failures=>true)
-      shell("grep #{@registry_address} #{@config_file}", :acceptable_exit_codes => [1,2])
+      shell("grep #{@registry_address} #{config_file}", :acceptable_exit_codes => [1,2])
       # shell("grep #{@registry_email} #{@config_file}", :acceptable_exit_codes => [1,2])
     end
 
@@ -184,8 +205,8 @@ class { 'docker': }
         }
       EOS
       apply_manifest(manifest, :catch_failures=>true)
-      shell("grep #{@registry_bad_address} #{@config_file}", :acceptable_exit_codes => [1,2])
-      shell("test -e \"/root/registry-auth-puppet_receipt_#{@registry_bad_address}_root\"", :acceptable_exit_codes => [1])
+      shell("grep #{@registry_bad_address} #{config_file}", :acceptable_exit_codes => [1,2])
+      shell("test -e \"#{root_dir}/registry-auth-puppet_receipt_#{bad_server_strip}_root\"", :acceptable_exit_codes => [1])
     end
 
   end

Diff for: spec/spec_helper_acceptance.rb

@@ -130,7 +130,9 @@ def retry_on_error_matching(max_retry_count = 3, retry_wait_interval_secs = 5, e
         end
 
         if fact_on(host, 'osfamily') == 'windows'
-          apply_manifest_on(host, "class { 'docker': docker_ee => true }")
+          win_host = only_host_with_role(hosts, 'default')
+          @windows_ip = win_host.ip
+          apply_manifest_on(host, "class { 'docker': docker_ee => true, extra_parameters => '\"insecure-registries\": [ \"#{@windows_ip}:5000\" ]' }")
           docker_path = "/cygdrive/c/Program Files/Docker"
           host.add_env_var('PATH', docker_path)
           puts "Waiting for box to come online"

Diff for: templates/windows/check_hash.ps1.erb

@@ -0,0 +1,17 @@
+#file computes the 512SHA for a given string and writes it to a file
+
+$String = $env:docker_auth
+$HashName = "SHA512"
+$StringBuilder = New-Object System.Text.StringBuilder 
+[System.Security.Cryptography.HashAlgorithm]::Create($HashName).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($String))|%{ 
+[Void]$StringBuilder.Append($_.ToString("x2")) 
+} 
+
+if([System.IO.File]::Exists("<%= @passfile %>")){
+    $CurrentContent = Get-Content -Path "<%= @passfile %>"
+    if($CurrentContent -eq $StringBuilder.ToString()){
+        exit 0
+    }
+}
+
+exit 1

Diff for: templates/windows/config/daemon.json.erb

@@ -14,5 +14,8 @@
     <% if @bridge %>"bridge": "<%= @bridge %>",<% end -%>
     <% if @fixed_cidr %>"fixed-cidr": "<%= @fixed_cidr %>",<% end -%>
     <% if @registry_mirror %>"registry-mirrors": ["<%= @registry_mirror%>"], <% end -%>
+    <% if @extra_parameters %><% @extra_parameters_array.each do |param| %>
+    <%= param %> ,<% end %>
+    <% end -%>
     "labels": <%= @labels_array.to_json %>
 }