Throw an error on missing credentials for custom build repo (#564)

Signed-off-by: Paolo Di Tommaso <paolo.ditommaso@gmail.com>

src/main/groovy/io/seqera/wave/service/inspect/ContainerInspectServiceImpl.groovy

@@ -33,6 +33,7 @@ import io.seqera.wave.core.ContainerPath
 import io.seqera.wave.core.RegistryProxyService
 import io.seqera.wave.core.spec.ConfigSpec
 import io.seqera.wave.core.spec.ContainerSpec
+import io.seqera.wave.exception.BadRequestException
 import io.seqera.wave.http.HttpClientFactory
 import io.seqera.wave.model.ContainerCoordinates
 import io.seqera.wave.proxy.ProxyClient
@@ -91,7 +92,16 @@ class ContainerInspectServiceImpl implements ContainerInspectService {
             repos.add(buildRepo)
         if( cacheRepo )
             repos.add(cacheRepo)
-        return credsJson(repos, identity)
+        final result = credsJson(repos, identity)
+        if( buildRepo && !result.contains(host0(buildRepo)) )
+            throw new BadRequestException("Missing credentials for target build repository: $buildRepo")
+        if( cacheRepo && !result.contains(host0(cacheRepo)) )
+            throw new BadRequestException("Missing credentials for target cache repository: $buildRepo")
+        return result
+    }
+
+    static protected String host0(String repo) {
+        repo.tokenize('/')[0]
     }
 
     protected String credsJson(Set<String> repositories, PlatformId identity) {

src/test/groovy/io/seqera/wave/controller/ContainerControllerHttpTest.groovy

@@ -42,7 +42,6 @@ import io.seqera.wave.service.pairing.PairingService
 import io.seqera.wave.service.pairing.PairingServiceImpl
 import io.seqera.wave.tower.User
 import io.seqera.wave.tower.auth.JwtAuth
-import io.seqera.wave.tower.client.ListCredentialsResponse
 import io.seqera.wave.tower.client.TowerClient
 import io.seqera.wave.tower.client.UserInfoResponse
 import jakarta.inject.Inject
@@ -307,103 +306,58 @@ class ContainerControllerHttpTest extends Specification {
     }
 
     def 'should get the correct image name with imageSuffix name strategy'(){
-        given:
-        def endpoint = 'http://cloud.seqera.io'
-        def token = 'foo'
-        def refresh = 'foo2'
-        def auth = JwtAuth.of(endpoint, token, refresh)
-        and:
-        pairingService.getPairingRecord(TOWER_SERVICE, endpoint) >> { new PairingRecord('tower', endpoint) }
-        towerClient.userInfo(endpoint, auth) >> CompletableFuture.completedFuture(new UserInfoResponse(user:new User(id:1)))
-        towerClient.listCredentials(_,_,_) >> CompletableFuture.completedFuture(new ListCredentialsResponse(credentials:[]))
-
         when:
-        def cfg = new ContainerConfig(workingDir: '/foo')
         def packages = new PackagesSpec(channels: ['conda-forge', 'bioconda'], entries: ['salmon'], type: 'CONDA')
         SubmitContainerTokenRequest request =
                 new SubmitContainerTokenRequest(
-                        towerAccessToken: token,
-                        towerRefreshToken: refresh,
-                        towerEndpoint: endpoint,
-                        towerWorkspaceId: 10,
                         nameStrategy: "imageSuffix",
                         packages: packages,
                         freeze: true,
-                        buildRepository: "registry/repository")
+                        buildRepository: "docker.io/foo/test")
         and:
         def response = httpClient
                 .toBlocking()
                 .exchange(HttpRequest.POST("/v1alpha2/container", request), SubmitContainerTokenResponse)
                 .body()
 
         then:
-        response.targetImage.startsWith("registry/repository/salmon")
+        response.targetImage.startsWith("docker.io/foo/test/salmon")
     }
 
     def 'should get the correct image name with tagPrefix name strategy'(){
-        given:
-        def endpoint = 'http://cloud.seqera.io'
-        def token = 'foo'
-        def refresh = 'foo2'
-        def auth = JwtAuth.of(endpoint, token, refresh)
-        and:
-        pairingService.getPairingRecord(TOWER_SERVICE, endpoint) >> { new PairingRecord('tower', endpoint) }
-        towerClient.userInfo(endpoint, auth) >> CompletableFuture.completedFuture(new UserInfoResponse(user:new User(id:1)))
-        towerClient.listCredentials(_,_,_) >> CompletableFuture.completedFuture(new ListCredentialsResponse(credentials:[]))
-
         when:
-        def cfg = new ContainerConfig(workingDir: '/foo')
         def packages = new PackagesSpec(channels: ['conda-forge', 'bioconda'], entries: ['salmon'], type: 'CONDA')
         SubmitContainerTokenRequest request =
                 new SubmitContainerTokenRequest(
-                        towerAccessToken: token,
-                        towerRefreshToken: refresh,
-                        towerEndpoint: endpoint,
-                        towerWorkspaceId: 10,
                         nameStrategy: "tagPrefix",
                         packages: packages,
                         freeze: true,
-                        buildRepository: "registry/repository")
+                        buildRepository: "docker.io/foo/test")
         and:
         def response = httpClient
                 .toBlocking()
                 .exchange(HttpRequest.POST("/v1alpha2/container", request), SubmitContainerTokenResponse)
                 .body()
 
         then:
-        response.targetImage.startsWith("registry/repository:salmon")
+        response.targetImage.startsWith("docker.io/foo/test:salmon")
     }
 
     def 'should get the correct image name with default name strategy'(){
-        given:
-        def endpoint = 'http://cloud.seqera.io'
-        def token = 'foo'
-        def refresh = 'foo2'
-        def auth = JwtAuth.of(endpoint, token, refresh)
-        and:
-        pairingService.getPairingRecord(TOWER_SERVICE, endpoint) >> { new PairingRecord('tower', endpoint) }
-        towerClient.userInfo(endpoint, auth) >> CompletableFuture.completedFuture(new UserInfoResponse(user:new User(id:1)))
-        towerClient.listCredentials(_,_,_) >> CompletableFuture.completedFuture(new ListCredentialsResponse(credentials:[]))
-
         when:
-        def cfg = new ContainerConfig(workingDir: '/foo')
         def packages = new PackagesSpec(channels: ['conda-forge', 'bioconda'], entries: ['salmon'], type: 'CONDA')
         SubmitContainerTokenRequest request =
                 new SubmitContainerTokenRequest(
-                        towerAccessToken: token,
-                        towerRefreshToken: refresh,
-                        towerEndpoint: endpoint,
-                        towerWorkspaceId: 10,
                         packages: packages,
                         freeze: true,
-                        buildRepository: "registry/repository")
+                        buildRepository: "docker.io/foo/test")
         and:
         def response = httpClient
                 .toBlocking()
                 .exchange(HttpRequest.POST("/v1alpha2/container", request), SubmitContainerTokenResponse)
                 .body()
 
         then:
-        response.targetImage.startsWith("registry/repository:salmon")
+        response.targetImage.startsWith("docker.io/foo/test:salmon")
     }
 }

src/test/groovy/io/seqera/wave/service/builder/ContainerBuildServiceTest.groovy

@@ -93,8 +93,6 @@ class ContainerBuildServiceTest extends Specification implements RedisTestContai
 
         when:
         def result = service.launch(req)
-        and:
-        println result.logs
         then:
         result.id
         result.startTime
@@ -589,4 +587,13 @@ class ContainerBuildServiceTest extends Specification implements RedisTestContai
         record2.buildId == request.buildId
         record2.digest == 'abc123'
     }
+
+    def 'should return only the host name' () {
+        expect:
+        ContainerInspectServiceImpl.host0(CONTAINER) == EXPECTED
+        where:
+        CONTAINER       | EXPECTED
+        'docker.io'     | 'docker.io'
+        'docker.io/foo/'| 'docker.io'
+    }
 }