add support for creating quay related configuration information to th…

…e registries.json during installation

bin/_registries.lib

@@ -44,5 +44,31 @@ function create_registries_json() {
                   --argjson ENGINES_PUBLIC_TLS_VERIFY "${ENGINES_REPO_TLS_VERIFY}" \
                   '.engines.public += { "tls-verify": $ENGINES_PUBLIC_TLS_VERIFY }'
     fi
+}
+
+# add quay specific information to an existing registries.json
+function registries_json_add_quay() {
+    local ENGINES_QUAY_EXPIRATION_LENGTH
+    ENGINES_QUAY_EXPIRATION_LENGTH=$1
+    local ENGINES_QUAY_EXPIRATION_REFRESH_TOKEN
+    ENGINES_QUAY_EXPIRATION_REFRESH_TOKEN=$2
+    local ENGINES_QUAY_EXPIRATION_REFRESH_API_URL
+    ENGINES_QUAY_EXPIRATION_REFRESH_API_URL=$3
+
+    if [ -z "${REGISTRIES_CFG}" ]; then
+        exit_error "ERROR: \%REGISTRIES_CFG must be defined when calling $0"
+    fi
 
+    if [ "${ENGINES_QUAY_EXPIRATION_LENGTH}" != "SKIP_QUAY" ]; then
+        jq_update ${REGISTRIES_CFG} "${REGISTRIES_CFG}:create-engines-quay-expiration-length" \
+                  --arg ENGINES_PUBLIC_QUAY_EXPIRATION_LENGTH "${ENGINES_QUAY_EXPIRATION_LENGTH}" \
+                  '.engines.public += { "quay": { "expiration-length": $ENGINES_PUBLIC_QUAY_EXPIRATION_LENGTH } }'
+
+        if [ -n "${ENGINES_QUAY_EXPIRATION_REFRESH_TOKEN}" -a -n "${ENGINES_QUAY_EXPIRATION_REFRESH_API_URL}" ]; then
+            jq_update ${REGISTRIES_CFG} "${REGISTRIES_CFG}:create-engines-quay-expiration-refresh-token" \
+                      --arg ENGINES_PUBLIC_QUAY_EXPIRATION_REFRESH_TOKEN "${ENGINES_QUAY_EXPIRATION_REFRESH_TOKEN}" \
+                      --arg ENGINES_PUBLIC_QUAY_EXPIRATION_REFRESH_API_URL "${ENGINES_QUAY_EXPIRATION_REFRESH_API_URL}" \
+                      '.engines.public.quay += { "refresh-expiration": { "token-file": $ENGINES_PUBLIC_QUAY_EXPIRATION_REFRESH_TOKEN, "api-url": $ENGINES_PUBLIC_QUAY_EXPIRATION_REFRESH_API_URL } }'
+        fi
+    fi
 }

bin/base

@@ -991,7 +991,8 @@ if [ ! -e ${REGISTRIES_CFG} ]; then
         ${CRUCIBLE_CONTROLLER_IMAGE} \
         ${CRUCIBLE_ENGINE_REPO} \
         ${CRUCIBLE_ENGINE_REPO_AUTH_TOKEN} \
-        ${CRUCIBLE_ENGINE_REPO_TLS_VERIFY}
+        ${CRUCIBLE_ENGINE_REPO_TLS_VERIFY} \
+        "SKIP_QUAY"
 
     echo "Contents of ${REGISTRIES_CFG}:"
     cat ${REGISTRIES_CFG}

crucible-install.sh

@@ -12,6 +12,7 @@ GIT_INSTALL_LOG="/tmp/crucible-git-install.log"
 CRUCIBLE_CONTROLLER_REGISTRY="quay.io/crucible/controller:latest"
 DEFAULT_GIT_REPO="https://github.com/perftool-incubator/crucible"
 DEFAULT_GIT_BRANCH="master"
+DEFAULT_QUAY_EXPIRATION_LENGTH="13w"
 GIT_REPO=""
 GIT_BRANCH=""
 GIT_TAG=""
@@ -35,6 +36,8 @@ EC_PUSHD_FAIL=15
 EC_PULL_FAIL=16
 EC_RELEASE_DEFAULT_REPO_ONLY=18
 EC_RELEASE_CONFLICTS_WITH_BRANCH=19
+EC_INVALID_QUAY_EXPIRATION_LENGTH=20
+EC_OAUTH_FILE_NOT_FOUND=21
 
 # remove a previous installation log
 if [ -e ${GIT_INSTALL_LOG} ]; then
@@ -153,6 +156,15 @@ function usage {
 
     optional:
 
+        --quay-engine-expiration-refresh-token <authentication file>>
+        Quay OAuth authentication token file for refreshing engine image expiration timestamps.
+
+        --quay-engine-expiration-refresh-api-url <api url>
+        Quay API URL that is used to operate on the engine registry.
+
+        --quay-engine-expiration-length <length>
+        How long should a Quay repo allow the engine images to live before they expire.
+
         --engine-auth-file <authentication file>
         Authentication file for pushing images to the remote registry.
   
@@ -359,7 +371,8 @@ function update_repos_config() {
 
 longopts="name:,email:,help,list-releases,verbose"
 longopts+=",client-server-registry:,client-server-auth-file:,client-server-tls-verify:"
-longopts+=",engine-registry:,engine-auth-file:,engine-tls-verify:"
+longopts+=",engine-registry:,engine-auth-file:,engine-tls-verify:,quay-engine-expiration-length:"
+longopts+=",quay-engine-expiration-refresh-token:,quay-engine-expiration-refresh-api-url:"
 longopts+=",controller-registry:,git-repo:,git-branch:,release:"
 opts=$(getopt -q -o "" --longoptions "$longopts" -n "$0" -- "$@");
 if [ $? -ne 0 ]; then
@@ -369,6 +382,21 @@ fi
 eval set -- "$opts";
 while true; do
     case "$1" in
+        --quay-engine-expiration-refresh-token)
+            shift;
+            CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_TOKEN="$1"
+            shift;
+            ;;
+        --quay-engine-expiration-refresh-api-url)
+            shift;
+            CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_API_URL="$1"
+            shift;
+            ;;
+        --quay-engine-expiration-length)
+            shift;
+            CRUCIBLE_ENGINE_QUAY_EXPIRATION_LENGTH="$1"
+            shift;
+            ;;
         --client-server-tls-verify|--engine-tls-verify)
             shift;
             CRUCIBLE_ENGINE_TLS_VERIFY="$1"
@@ -471,6 +499,18 @@ for dep in $DEPENDENCIES; do
     has_dependency $dep
 done
 
+if [ -n "${CRUCIBLE_ENGINE_QUAY_EXPIRATION_LENGTH}" ]; then
+    if ! echo "${CRUCIBLE_ENGINE_QUAY_EXPIRATION_LENGTH}" | grep -q "[1-9][0-9]*[wm]"; then
+        exit_error "Invalid syntax for engine Quay expiration length.  Expecting either '<integer>w' (for weeks) or '<integer>m' (for months)" ${EC_INVALID_QUAY_EXPIRATION_LENGTH}
+    fi
+fi
+
+if [ -n "${CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_TOKEN}" ]; then
+    if [ ! -f "${CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_TOKEN}" ]; then
+        exit_error "Crucible Quay engine refresh token file not found. See --quay-engine-expiration-refresh-token for details." $EC_OAUTH_FILE_NOT_FOUND
+    fi
+fi
+
 if [ ! -z ${CRUCIBLE_ENGINE_AUTH_FILE+x} ]; then
     if [ ! -f $CRUCIBLE_ENGINE_AUTH_FILE ]; then
         exit_error "Crucible authentication file not found. See --engine-auth-file for details." $EC_AUTH_FILE_NOT_FOUND
@@ -518,12 +558,25 @@ SYSCONFIG_CRUCIBLE_ENGINE_REGISTRY="${CRUCIBLE_ENGINE_REGISTRY}"
 SYSCONFIG_CRUCIBLE_ENGINE_AUTH=""
 SYSCONFIG_CRUCIBLE_ENGINE_TLS_VERIFY=""
 SYSCONFIG_CRUCIBLE_ENGINE_TLS_VERIFY="true"
+SYSCONFIG_CRUCIBLE_ENGINE_QUAY_EXPIRATION_LENGTH="${DEFAULT_QUAY_EXPIRATION_LENGTH}"
+SYSCONFIG_CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_TOKEN=""
+SYSCONFIG_CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_API_URL=""
+
 if [ -n "${CRUCIBLE_ENGINE_AUTH_FILE}" ]; then
     SYSCONFIG_CRUCIBLE_ENGINE_AUTH="${CRUCIBLE_ENGINE_AUTH_FILE}"
 fi
 if [ -n "${CRUCIBLE_ENGINE_TLS_VERIFY}" ]; then
     SYSCONFIG_CRUCIBLE_ENGINE_TLS_VERIFY="${CRUCIBLE_ENGINE_TLS_VERIFY}"
 fi
+if [ -n "${CRUCIBLE_ENGINE_QUAY_EXPIRATION_LENGTH}" ]; then
+    SYSCONFIG_CRUCIBLE_ENGINE_QUAY_EXPIRATION_LENGTH="${CRUCIBLE_ENGINE_QUAY_EXPIRATION_LENGTH}"
+fi
+if [ -n "${CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_TOKEN}" ]; then
+    SYSCONFIG_CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_TOKEN="${CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_TOKEN}"
+fi
+if [ -n "${CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_API_URL}" ]; then
+    SYSCONFIG_CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_API_URL="${CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_API_URL}"
+fi
 
 REGISTRIES_CFG=${INSTALL_PATH}/config/registries.json
 REGISTRIES_CFG_SCHEMA=${INSTALL_PATH}/schema/registries.json
@@ -542,6 +595,11 @@ _SYSCFG_
         ${SYSCONFIG_CRUCIBLE_ENGINE_AUTH} \
         ${SYSCONFIG_CRUCIBLE_ENGINE_TLS_VERIFY}
 
+    registries_json_add_quay \
+        ${SYSCONFIG_CRUCIBLE_ENGINE_QUAY_EXPIRATION_LENGTH} \
+        ${SYSCONFIG_CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_TOKEN} \
+        ${SYSCONFIG_CRUCIBLE_ENGINE_QUAY_EXPIRATION_REFRESH_API_URL}
+
     # when the 'base' file is sourced with this particular parameter
     # set it will force the registries.json to be validated
     CRUCIBLE_CFG_JSON_VALIDATION="yes"

tests/test-installer

@@ -73,6 +73,19 @@ for arg_mode in client-server engine; do
     stop_test
 done
 
+start_test
+# oauth file not found
+ec=$(grep EC_OAUTH_FILE_NOT_FOUND= crucible-install.sh | cut -d '=' -f2)
+sudo ./crucible-install.sh \
+     --git-repo ${CRUCIBLE_DIR} \
+     --engine-registry myregistry.io/crucible \
+     --engine-auth-file /tmp/auth-file.json \
+     --quay-engine-expiration-refresh-token /tmp/oauth-file.json \
+     --quay-engine-expiration-refresh-api-url myregistry.io/crucible/api/url \
+     --verbose
+test "$?" = "$ec" || exit 1
+stop_test
+
 for arg_mode in client-server engine; do
     start_test
     echo "testing arg_mode=${arg_mode}"
@@ -87,6 +100,20 @@ for arg_mode in client-server engine; do
     stop_test
 done
 
+start_test
+# invalid quay expiration length
+touch /tmp/auth-file.json
+ec=$(grep EC_INVALID_QUAY_EXPIRATION_LENGTH= crucible-install.sh | cut -d '=' -f2)
+# TODO(rfolco): temporary workaround until we make it distro generic
+sudo ./crucible-install.sh \
+     --git-repo ${CRUCIBLE_DIR} \
+     --engine-registry myregistry.io/crucible \
+     --engine-auth-file /tmp/auth-file.json \
+     --quay-engine-expiration-length 1y \
+     --verbose
+test "$?" = "${ec}" || exit 1
+stop_test
+
 for arg_mode in client-server engine; do
     start_test
     echo "testing arg_mode=${arg_mode}"
@@ -149,6 +176,24 @@ for arg_mode in client-server engine; do
     stop_test
 done
 
+start_test
+# override existing installation
+touch /tmp/auth-file.json
+touch /tmp/oauth-file.json
+cfgfile=$(grep SYSCONFIG= crucible-install.sh | cut -d '=' -f2 | sed 's/"//g')
+# TODO(rfolco): temporary workaround until we make it distro generic
+sudo mkdir -p $(dirname $cfgfile)
+sudo ./crucible-install.sh \
+     --git-repo ${CRUCIBLE_DIR} \
+     --engine-registry myregistry.io/crucible \
+     --engine-auth-file /tmp/auth-file.json \
+     --quay-engine-expiration-refresh-token /tmp/oauth-file.json \
+     --quay-engine-expiration-refresh-api-url myregistry.io/crucible/api/url \
+     --verbose
+test "$?" = "0" || exit 1
+ls -ld /opt/crucible-moved* || exit 1
+stop_test
+
 for arg_mode in client-server engine; do
     start_test
     echo "testing arg_mode=${arg_mode}"