diff options
| author | Ed Santiago <santiago@redhat.com> | 2022-06-08 13:41:43 -0600 |
|---|---|---|
| committer | Ed Santiago <santiago@redhat.com> | 2022-06-08 19:33:07 -0600 |
| commit | bce97a3b5dd1477c74232b49d246491aa289a995 (patch) | |
| tree | c1258a578d6126df68210c1e3edb332ef63be22a /test/apiv2/test-apiv2 | |
| parent | 576c739e5ff01c760b383a258c62ed3ca7e1c30c (diff) | |
| download | podman-bce97a3b5dd1477c74232b49d246491aa289a995.tar.gz podman-bce97a3b5dd1477c74232b49d246491aa289a995.tar.bz2 podman-bce97a3b5dd1477c74232b49d246491aa289a995.zip | |
apiv2 tests: clean up
Mostly fix a bad design decision I made early on, re: registry.
old: registry starts once, runs to the end
new: registry is brought up on demand, then stopped
Reason: there are times when we need a password-controlled
registry, and times when we need it open.
As long as I'm in here, I've also cleaned up some confusing code
and fixed things so tests can run rootless again.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Diffstat (limited to 'test/apiv2/test-apiv2')
| -rwxr-xr-x | test/apiv2/test-apiv2 | 70 |
1 files changed, 39 insertions, 31 deletions
diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2 index bd28ae145..6151b7672 100755 --- a/test/apiv2/test-apiv2 +++ b/test/apiv2/test-apiv2 @@ -62,7 +62,7 @@ clean_up_server() { podman rm -a podman rmi -af - stop_registry + stop_registry --cleanup stop_service fi } @@ -242,7 +242,7 @@ function t() { esac done if [[ -z "$curl_args" ]]; then - curl_args+=(-d $(jsonify ${post_args[@]})) + curl_args=(-d $(jsonify ${post_args[@]})) testname="$testname [${curl_args[@]}]" fi fi @@ -273,10 +273,6 @@ function t() { curl_args+=("--head") fi - if [ -n "$REGISTRY_CONFIG_HEADER" ]; then - curl_args+=(-H "X-Registry-Config: $REGISTRY_CONFIG_HEADER") - fi - local expected_code=$1; shift # Log every action we do @@ -384,11 +380,6 @@ function start_service() { die "Cannot start service on non-localhost ($HOST)" fi - echo "rootdir: "$WORKDIR - # Some tests use shortnames; force registry override to work around - # docker.io throttling. -# FIXME esm revisit pulling expected images re: shortnames caused tests to fail -# env CONTAINERS_REGISTRIES_CONF=$TESTS_DIR/../registries.conf $PODMAN_BIN \ --root $WORKDIR/server_root --syslog=true \ system service \ @@ -414,18 +405,18 @@ function stop_service() { REGISTRY_PORT= REGISTRY_USERNAME= REGISTRY_PASSWORD= -REGISTRY_CONFIG_HEADER= function start_registry() { - # We can be invoked multiple times, e.g. from different subtests, but - # let's assume that once started we only kill it at the end of tests. + # We can be called multiple times, but each time should start a new + # registry container with (possibly) different configuration. That + # means that all callers must be responsible for invoking stop_registry. if [[ -n "$REGISTRY_PORT" ]]; then - return + die "start_registry invoked twice in succession, without stop_registry" fi + # First arg is auth type (default: "none", but can also be "htpasswd") + local auth="${1:-none}" + REGISTRY_PORT=$(random_port) - REGISTRY_USERNAME=u$(random_string 7) - REGISTRY_PASSWORD=p$(random_string 7) - REGISTRY_CONFIG_HEADER=$(echo "{\"localhost:${REGISTRY_PORT}\":{\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"${REGISTRY_PASSWORD}\"}}" | base64 --wrap=0) local REGDIR=$WORKDIR/registry local AUTHDIR=$REGDIR/auth @@ -439,22 +430,33 @@ function start_registry() { podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE || podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE - # Create a local cert and credentials - # FIXME: is there a hidden "--quiet" flag? This is too noisy. - openssl req -newkey rsa:4096 -nodes -sha256 \ - -keyout $AUTHDIR/domain.key -x509 -days 2 \ - -out $AUTHDIR/domain.crt \ - -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \ - -addext subjectAltName=DNS:localhost - htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} \ - > $AUTHDIR/htpasswd + # Create a local cert (no need to do this more than once) + if [[ ! -e $AUTHDIR/domain.key ]]; then + # FIXME: is there a hidden "--quiet" flag? This is too noisy. + openssl req -newkey rsa:4096 -nodes -sha256 \ + -keyout $AUTHDIR/domain.key -x509 -days 2 \ + -out $AUTHDIR/domain.crt \ + -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \ + -addext subjectAltName=DNS:localhost + fi + + # If invoked with auth=htpasswd, create credentials + REGISTRY_USERNAME= + REGISTRY_PASSWORD= + if [[ "$auth" = "htpasswd" ]]; then + REGISTRY_USERNAME=u$(random_string 7) + REGISTRY_PASSWORD=p$(random_string 7) + + htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} \ + > $AUTHDIR/htpasswd + fi # Run the registry, and wait for it to come up podman ${PODMAN_REGISTRY_ARGS} run -d \ -p ${REGISTRY_PORT}:5000 \ --name registry \ -v $AUTHDIR:/auth:Z \ - -e "REGISTRY_AUTH=htpasswd" \ + -e "REGISTRY_AUTH=$auth" \ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \ @@ -468,13 +470,19 @@ function stop_registry() { local REGDIR=${WORKDIR}/registry if [[ -d $REGDIR ]]; then local OPTS="--root ${REGDIR}/root --runroot ${REGDIR}/runroot" - podman $OPTS stop -f -t 0 -a + podman $OPTS stop -i -t 0 registry # rm/rmi are important when running rootless: without them we # get EPERMS in tmpdir cleanup because files are owned by subuids. - podman $OPTS rm -f -a - podman $OPTS rmi -f -a + podman $OPTS rm -f -i registry + if [[ "$1" = "--cleanup" ]]; then + podman $OPTS rmi -f -a + fi fi + + REGISTRY_PORT= + REGISTRY_USERNAME= + REGISTRY_PASSWORD= } ################# |