phenixblue / imageswap-webhook

Image Swap Mutating Admission Webhook for Kubernetes
Apache License 2.0

Fix detection of IMAGESWAP_DISABLE_AUTO_MWC #88

Closed howardburgess closed 1 year ago

howardburgess commented 2 years ago

What type of PR is this? /kind bug

What this PR does / why we need it: Makes ImageSwap correctly honour the IMAGESWAP_DISABLE_AUTO_MWC env var, introduced in v1.5.1.

Which issue(s) this PR fixes:

Fixes https://github.com/phenixblue/imageswap-webhook/issues/87

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

NONE

Additional documentation e.g., usage docs, etc.:

phenixblue commented 1 year ago

@howardburgess have you looked at why the CI checks are failing? I haven't had time to dig in, but trying to not let this slide

howardburgess commented 1 year ago

> have you looked at why the CI checks are failing? I haven't had time to dig in, but trying to not let this slide

Hi @phenixblue, just had a look:

Unit tests

Failing due to a hash mismatch for MarkupSafe (job).

```
[pipenv.exceptions.InstallError]:   Using cached MarkupSafe-2.0.1-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (30 kB)
[pipenv.exceptions.InstallError]: ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
...
[pipenv.exceptions.InstallError]:         Expected sha256 01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298
[pipenv.exceptions.InstallError]:         Expected     or 023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64
...
[pipenv.exceptions.InstallError]:              Got        3dd007d54ee88b46be476e293f48c85048603f5f516008bee124ddd891398ed6
```

The hash 3dd007d54ee88b46be476e293f48c85048603f5f516008bee124ddd891398ed6 does match what's on pypi.org here.

The innocuous version bump in https://github.com/phenixblue/imageswap-webhook/pull/42 added these hashes in July 2021, whereas pypi.org was updated in August 2021. Strange, since MarkupSafe's v2.0.1 release was in May 2021.

I admit I'm not a Python developer and have had trouble using pip to update only the hashes for MarkupSafe, which is a transient dependency. If you had a moment to take a look, I can rebase my branch.

E2E tests

Feels like some transient issues, which a re-run might solve.

When I build the failing v1.21 imageswap-init image locally I see no errors, which is strange:

Docker version output

```
❯ docker version
Client:
 Version: 20.10.17-rd
 API version: 1.41
 Go version: go1.17.11
 Git commit: c2e4e01
 Built: Fri Jul 22 18:32:57 2022
 OS/Arch: darwin/arm64
 Context: default
 Experimental: true

Server:
 Engine:
  Version: 20.10.18
  API version: 1.41 (minimum version 1.12)
  Go version: go1.18.6
  Git commit: e42327a6d3c55ceda3bd5475be7aae6036d02db3
  Built: Sun Sep 11 07:10:00 2022
  OS/Arch: linux/arm64
  Experimental: false
 containerd:
  Version: v1.6.8
  GitCommit: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6
 runc:
  Version: 1.1.4
  GitCommit: 5fd4c4d144137e991c4acebb2146ab1483a97925
 docker-init:
  Version: 0.19.0
  GitCommit:
❯ docker buildx version
github.com/docker/buildx v0.9.1 ed00243a0ce2a0aee75311b06e32d33b44729689
```

Docker build output

```
❯ docker buildx build .
[+] Building 0.9s (14/14) FINISHED
 => [internal] load build definition from Dockerfile 0.0s
 => => transferring dockerfile: 32B 0.0s
 => [internal] load .dockerignore 0.0s
 => => transferring context: 2B 0.0s
 => [internal] load metadata for docker.io/library/python:3.8-alpine 0.9s
 => [auth] library/python:pull token for registry-1.docker.io 0.0s
 => [1/8] FROM docker.io/library/python:3.8-alpine@sha256:6fb0e290e9c69d7c58f75a6b881380081ff73017440f8fa804dfd880aa908179 0.0s
 => [internal] load build context 0.0s
 => => transferring context: 100B 0.0s
 => CACHED [2/8] COPY ./Pipfile* /app/ 0.0s
 => CACHED [3/8] WORKDIR /app 0.0s
 => CACHED [4/8] RUN apk add --update --no-cache bind-tools ca-certificates gcc musl-dev python3-dev libffi-dev openssl-dev 0.0s
 => CACHED [5/8] RUN pip install pipenv 0.0s
 => CACHED [6/8] RUN pipenv install --system --deploy 0.0s
 => CACHED [7/8] RUN apk del gcc musl-dev python3-dev libffi-dev openssl-dev 0.0s
 => CACHED [8/8] COPY ./imageswap-init.py /app/ 0.0s
 => exporting to image 0.0s
 => => exporting layers 0.0s
 => => writing image sha256:18ccf144a8f98ed7090a76737cf8666f684c19fee097f7aba77405736b789efe 0.0s
```

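
The triage done by hand in the comment above (compare the digest pip reported against the lock's pins, then against what the index publishes), written out as an added example. It is not part of this thread or the project's code; `LOCK` and `INDEX_FILES` are constructed inputs that reuse the hashes from the log, and the three verdict names are assumptions.

```python
import hashlib
import json

# Constructed Pipfile.lock fragment. The two pins are the "Expected" hashes
# from the CI log in this thread.
LOCK = json.loads("""{"default": {"markupsafe": {"version": "==2.0.1", "hashes": [
 "sha256:01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298",
 "sha256:023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64"]}}}""")

# Constructed stand-in for the index's per-file digest list for the release
# (PyPI's JSON API exposes this as "digests" on each entry under "urls").
# Filename and digest are the wheel and the "Got" hash from the same log.
INDEX_FILES = [{
    "filename": "MarkupSafe-2.0.1-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64"
                ".manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
    "sha256": "3dd007d54ee88b46be476e293f48c85048603f5f516008bee124ddd891398ed6",
}]


def sha256_file(path, chunk=1 << 20):
    """sha256 over the bytes of a downloaded artifact, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def locked_hashes(lock, package):
    """Collect the sha256 pins for a package from both lock sections."""
    pins = set()
    for section in ("default", "develop"):
        entry = lock.get(section, {}).get(package.lower(), {})
        pins |= {h.split(":", 1)[1] for h in entry.get("hashes", [])
                 if h.startswith("sha256:")}
    return pins


def triage(got, pins, index_files):
    """Classify a digest pip reported as 'Got' during a hash mismatch."""
    if got in pins:
        return "ok"
    if got in {f["sha256"] for f in index_files}:
        # The index publishes this file but the lock does not list it:
        # regenerate the lock and review the new file before trusting the pin.
        return "lock-stale"
    # Neither the lock nor the index knows this digest: suspect a cache,
    # proxy or mirror and do not install.
    return "unknown-artifact"
```

With the values from the log, `triage` returns `lock-stale`; a digest that appears in neither list is the case the pip error text warns about.
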
phenixblue commented 1 year ago

Ok, I think I got the hashes updated as part of #91. Once that is merged, you should be able to rebase and I imagine all checks will pass. Sorry for the delay, lots of stuff going on with my new job/personal life and haven't had as much time as I'd like to work on this.

howardburgess commented 1 year ago

Thanks, and no apology needed - we appreciate the work you put into this useful project. I'll keep an eye on #91 and will rebase when merged.

howardburgess commented 1 year ago

Thanks @phenixblue I have rebased to pick up #91 and CI is looking much happier. Just failing on e2e for Kubernetes 1.22, which doesn't look related to my change. Are you able to kick that job off again?

https://github.com/phenixblue/imageswap-webhook/actions/runs/3732799706/jobs/6332889122

```
[INFO] apply: "test-pod01.yaml"
Error from server (InternalError): error when creating "testing/pods/test-pod01.yaml": Internal error occurred: failed calling webhook "imageswap.webhook.k8s.twr.io": failed to call webhook: Post "https://imageswap.imageswap-system.svc:443/?timeout=10s": read tcp 172.18.0.2:50894->10.96.190.222:443: read: connection reset by peer
make: *** [Makefile:143: test-functional] Error 1
Error:  Test did not pass. Exiting...
```

phenixblue commented 1 year ago

Yes, just triggered the job to re-run