Merge pull request #210 from dmage/readonly

Add ReadOnly flag

Author: openshift-merge-robot

pkg/apis/imageregistry/v1/types.go

@@ -104,6 +104,10 @@ type ImageRegistrySpec struct {
 	// Storage details for configuring registry storage, e.g. S3 bucket coordinates.
 	Storage ImageRegistryConfigStorage `json:"storage,omitempty"`
 
+	// ReadOnly indicates whether the registry instance should reject attempts
+	// to push new images or delete existing ones.
+	ReadOnly bool `json:"readOnly,omitempty"`
+
 	// Requests controls how many parallel requests a given registry instance will handle before queuing additional requests
 	Requests ImageRegistryConfigRequests `json:"requests,omitempty"`
 

pkg/resource/podtemplatespec.go

@@ -125,6 +125,10 @@ func makePodTemplateSpec(coreClient coreset.CoreV1Interface, driver storage.Driv
 		corev1.EnvVar{Name: "REGISTRY_OPENSHIFT_SERVER_ADDR", Value: fmt.Sprintf("%s.%s.svc:%d", params.Service.Name, params.Deployment.Namespace, params.Container.Port)},
 	)
 
+	if cr.Spec.ReadOnly {
+		env = append(env, corev1.EnvVar{Name: "REGISTRY_STORAGE_MAINTENANCE_READONLY", Value: "{enabled: true}"})
+	}
+
 	if cr.Spec.Proxy.HTTP != "" {
 		env = append(env, corev1.EnvVar{Name: "HTTP_PROXY", Value: cr.Spec.Proxy.HTTP})
 	}

test/e2e/readonly_test.go

@@ -0,0 +1,65 @@
+package e2e
+
+import (
+	"testing"
+
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	operatorapi "github.com/openshift/api/operator/v1"
+
+	imageregistryv1 "github.com/openshift/cluster-image-registry-operator/pkg/apis/imageregistry/v1"
+	"github.com/openshift/cluster-image-registry-operator/test/framework"
+)
+
+func TestReadOnly(t *testing.T) {
+	client := framework.MustNewClientset(t, nil)
+
+	defer framework.MustRemoveImageRegistry(t, client)
+
+	cr := &imageregistryv1.Config{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: imageregistryv1.SchemeGroupVersion.String(),
+			Kind:       "Config",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name: imageregistryv1.ImageRegistryResourceName,
+		},
+		Spec: imageregistryv1.ImageRegistrySpec{
+			ManagementState: operatorapi.Managed,
+			Storage: imageregistryv1.ImageRegistryConfigStorage{
+				Filesystem: &imageregistryv1.ImageRegistryConfigStorageFilesystem{
+					VolumeSource: corev1.VolumeSource{
+						EmptyDir: &corev1.EmptyDirVolumeSource{},
+					},
+				},
+			},
+			ReadOnly: true,
+			Replicas: 1,
+		},
+	}
+	framework.MustDeployImageRegistry(t, client, cr)
+	framework.MustEnsureImageRegistryIsAvailable(t, client)
+	framework.MustEnsureInternalRegistryHostnameIsSet(t, client)
+	framework.MustEnsureClusterOperatorStatusIsSet(t, client)
+	framework.MustEnsureOperatorIsNotHotLooping(t, client)
+
+	deploy, err := client.Deployments(imageregistryv1.ImageRegistryOperatorNamespace).Get(imageregistryv1.ImageRegistryName, metav1.GetOptions{})
+	if err != nil {
+		t.Fatal(err)
+	}
+	found := false
+	for _, env := range deploy.Spec.Template.Spec.Containers[0].Env {
+		if env.Name == "REGISTRY_STORAGE_MAINTENANCE_READONLY" {
+			if expected := "{enabled: true}"; env.Value != expected {
+				t.Errorf("%s: got %q, want %q", env.Name, env.Value, expected)
+			} else {
+				found = true
+			}
+		}
+	}
+	if !found {
+		framework.DumpObject(t, "deployment", deploy)
+		t.Error("environment variable REGISTRY_STORAGE_MAINTENANCE_READONLY_ENABLED=true is not found")
+	}
+}