Update tests and secret management

cmd/job_run.go

@@ -267,10 +267,11 @@ func (cmd *JobRun) Execute(args []string) (err error) {
 		if err != nil {
 			return renderServiceError(err, "failed to list secrets")
 		}
+		_, _, registry := svc.ExtractRegistry(in.Image)
 		for _, secret := range secrets.Items {
 			if secret.Details.Image == in.Image {
 				if cmd.CleanCreds {
-					username, password, err := cmd.getCredentials()
+					username, password, err := cmd.getCredentials(registry)
 					if err != nil {
 						return err
 					}
@@ -284,7 +285,7 @@ func (cmd *JobRun) Execute(args []string) (err error) {
 			}
 		}
 		if in.Secret == "" {
-			username, password, err := cmd.getCredentials()
+			username, password, err := cmd.getCredentials(registry)
 			if err != nil {
 				return err
 			}
@@ -357,8 +358,11 @@ func (cmd *JobRun) rollbackDatasets(ctx context.Context, mgr transfer.Manager, i
 	return err
 }
 
-func (cmd *JobRun) getCredentials() (username, password string, err error) {
-	cmd.out.Infof("Please provide credentials for the Docker repository that stores the private image:")
+func (cmd *JobRun) getCredentials(registry string) (username, password string, err error) {
+	if registry == "index.docker.io" {
+		registry = "Docker Hub"
+	}
+	cmd.out.Infof("Please provide credentials for the %s repository that stores the private image:", registry)
 	username = os.Getenv("NERD_IMAGE_USERNAME")
 	if username == "" {
 		username, err = cmd.out.Ask("Username: ")

spec.json

@@ -434,13 +434,13 @@
 					},
 					{
 						"long_name": "private",
-						"description": "use this flag with a private image, a prompt will ask for your username and password. If DOCKER_USERNAME and/or DOCKER_PASSWORD are provided, they will be used as values to populate the registry secret.",
+						"description": "use this flag with a private image, a prompt will ask for your username and password of the repository that stores the image. If NERD_IMAGE_USERNAME and/or NERD_IMAGE_PASSWORD environment variables are set, those values are used instead.",
 						"default_value": null,
 						"choices": null
 					},
 					{
 						"long_name": "clean-creds",
-						"description": "to be used with the '--private' flag, a prompt will ask again for your username and password. If DOCKER_USERNAME and/or DOCKER_PASSWORD are provided, they will be used as values to update the secret.",
+						"description": "to be used with the '--private' flag, a prompt will ask again for your image repository username and password. If NERD_IMAGE_USERNAME and/or NERD_IMAGE_PASSWORD environment variables are provided, they will be used as values to update the secret.",
 						"default_value": null,
 						"choices": null
 					}

svc/kube_create_secret.go

@@ -17,8 +17,10 @@ import (
 //CreateSecretInput is the input to CreateSecret
 type CreateSecretInput struct {
 	Image    string `validate:"printascii"`
-	Username string
-	Password string
+	Registry string `validate:"required"`
+	Project  string
+	Username string `validate:"required"`
+	Password string `validate:"required"`
 }
 
 //CreateSecretOutput is the output to CreateSecret
@@ -32,16 +34,15 @@ func (k *Kube) CreateSecret(ctx context.Context, in *CreateSecretInput) (out *Cr
 		return nil, err
 	}
 
-	image, project, registry := extractRegistry(in.Image)
 	secret := &v1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Labels: map[string]string{"image": image, "project": project, "registry": registry},
+			Labels: map[string]string{"image": in.Image, "project": in.Project, "registry": in.Registry},
 		},
 		Type: v1.SecretTypeDockerConfigJson,
 		Data: map[string][]byte{},
 	}
 
-	secret.Data[v1.DockerConfigJsonKey], err = transformCredentials(in.Username, in.Password, registry)
+	secret.Data[v1.DockerConfigJsonKey], err = transformCredentials(in.Username, in.Password, in.Registry)
 	if err != nil {
 		return nil, err
 	}
@@ -78,7 +79,8 @@ func transformCredentials(username, password, registry string) (dockereCfg []byt
 	return dockerCfg, nil
 }
 
-func extractRegistry(image string) (string, string, string) {
+// ExtractRegistry takes a string as input and divides it in image, project, registry
+func ExtractRegistry(image string) (string, string, string) {
 	// Supported registries:
 	// - project/image -> index.docker.io
 	// - ACCOUNT.dkr.ecr.REGION.amazonaws.com/image -> aws

svc/kube_create_secret_test.go

@@ -32,7 +32,7 @@ func TestCreateSecret(t *testing.T) {
 		{
 			Name:    "when a valid input is provided it should return a secret with a unique name",
 			Timeout: time.Second * 5,
-			Input:   &svc.CreateSecretInput{Image: "quay.io/nerdalize/smoketest", Username: "test", Password: "test"},
+			Input:   &svc.CreateSecretInput{Image: "smoketest", Project: "nerdalize", Registry: "quay.io", Username: "test", Password: "test"},
 			IsErr:   nil,
 			IsOutput: func(t testing.TB, out *svc.CreateSecretOutput) {
 				assert(t, out != nil, "output should not be nil")

svc/kube_delete_secret_test.go

@@ -68,7 +68,6 @@ func TestDeleteSecret(t *testing.T) {
 }
 
 func TestDeleteSpecificSecret(t *testing.T) {
-	image := "quay.io/nerdalize/smoketest"
 	timeout := time.Minute
 
 	if testing.Short() {
@@ -83,7 +82,7 @@ func TestDeleteSpecificSecret(t *testing.T) {
 	defer cancel()
 
 	kube := svc.NewKube(di)
-	secret, err := kube.CreateSecret(ctx, &svc.CreateSecretInput{Image: image, Username: "test", Password: "test"})
+	secret, err := kube.CreateSecret(ctx, &svc.CreateSecretInput{Image: "smoketest", Project: "nerdalize", Registry: "quay.io", Username: "test", Password: "test"})
 	ok(t, err)
 
 	out, err := kube.DeleteSecret(ctx, &svc.DeleteSecretInput{Name: secret.Name})

svc/kube_get_secret_test.go

@@ -87,7 +87,7 @@ func TestGetSpecificSecret(t *testing.T) {
 	defer cancel()
 
 	kube := svc.NewKube(di)
-	secret, err := kube.CreateSecret(ctx, &svc.CreateSecretInput{Image: image, Username: "test", Password: "test"})
+	secret, err := kube.CreateSecret(ctx, &svc.CreateSecretInput{Image: "smoketest", Project: "nerdalize", Registry: "quay.io", Username: "test", Password: "test"})
 	ok(t, err)
 
 	out, err := kube.GetSecret(ctx, &svc.GetSecretInput{Name: secret.Name})

svc/kube_list_secrets_test.go

@@ -44,13 +44,13 @@ func TestListSecrets(t *testing.T) {
 		{
 			Name:    "when one correct secret was created it should be listed",
 			Timeout: time.Minute,
-			Secrets: []*svc.CreateSecretInput{{Image: "quay.io/nerdalize/smoketest", Username: "test", Password: "test"}},
+			Secrets: []*svc.CreateSecretInput{{Image: "smoketest", Project: "nerdalize", Registry: "quay.io", Username: "test", Password: "test"}},
 			Input:   &svc.ListSecretsInput{},
 			IsErr:   isNilErr,
 			IsOutput: func(t testing.TB, out *svc.ListSecretsOutput) bool {
 				assert(t, len(out.Items) == 1, "expected one secret to be listed")
 				assert(t, !out.Items[0].Details.CreatedAt.IsZero(), "created at time should not be zero")
-
+				assert(t, out.Items[0].Details.Image == "quay.io/nerdalize/smoketest", "expected to find complete image name")
 				assert(t, strings.HasPrefix(out.Items[0].Name, "s-"), "expected secret name to be prefixed has expected")
 				return true
 			},

svc/kube_update_secret_test.go

@@ -18,7 +18,9 @@ func TestUpdateSecret(t *testing.T) {
 
 	kube := svc.NewKube(di)
 	out, err := kube.CreateSecret(ctx, &svc.CreateSecretInput{
-		Image:    "quay.io/nerdalize/smoketest",
+		Image:    "smoketest",
+		Project:  "nerdalize",
+		Registry: "quay.io",
 		Username: "test",
 		Password: "test",
 	})