diff options
-rw-r--r-- | test/certs/domain.crt | 18 | ||||
-rw-r--r-- | test/certs/domain.key | 6 | ||||
-rw-r--r-- | test/e2e/push_test.go | 143 |
3 files changed, 165 insertions, 2 deletions
diff --git a/test/certs/domain.crt b/test/certs/domain.crt new file mode 100644 index 000000000..881fc124d --- /dev/null +++ b/test/certs/domain.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC3zCCAmSgAwIBAgIUdbnvx7lLf8OANP37QTKoxfNAl5EwCgYIKoZIzj0EAwMw +gawxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T +YW4gRnJhbmNpc2NvMSowKAYDVQQKEyFIb25lc3QgQWNobWVkJ3MgVXNlZCBDZXJ0 +aWZpY2F0ZXMxKTAnBgNVBAsTIEhhc3RpbHktR2VuZXJhdGVkIFZhbHVlcyBEaXZp +c29uMRkwFwYDVQQDExBBdXRvZ2VuZXJhdGVkIENBMB4XDTE4MDMyMDExMDUwMFoX +DTE5MDMyMDExMDUwMFowWzEVMBMGA1UEBxMMdGhlIGludGVybmV0MRYwFAYDVQQK +Ew1hdXRvZ2VuZXJhdGVkMRQwEgYDVQQLEwtwb2RtYW4gdGVzdDEUMBIGA1UEAxML +cG9kbWFuLXRlc3QwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATA65F+T8sreSnTm+I2 +IjeKN8rb5W2j3QKXz8n9JkPWiWX16HGIWso1JWPhhjvpmVkfSzD91niQwrsm6PhP +ypZUzkX5iL7JE8jVjflEiUbflSzc+fgT/scqRUUQ3evmqUCjgZYwgZMwDgYDVR0P +AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMB +Af8EAjAAMB0GA1UdDgQWBBQCgkUh4aBOTl5KHettBluuE7rccDAfBgNVHSMEGDAW +gBTPyUqMxUVdwC4K+kh9jHtnf7GrETAUBgNVHREEDTALgglsb2NhbGhvc3QwCgYI +KoZIzj0EAwMDaQAwZgIxAKsrYLbXSJs473tlfX3OF/BmfTvDwBO5TfPoZ1yNDhVk +UvoYn2szSEVMwR7uX1gKWgIxALz00G6umVkSh0MgIwSaYpJU/N1eVNgbIXRFV+5+ +lK/0jLWm4aAFkVhqUkkueTzG2g== +-----END CERTIFICATE----- diff --git a/test/certs/domain.key b/test/certs/domain.key new file mode 100644 index 000000000..b0f15eb75 --- /dev/null +++ b/test/certs/domain.key @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDB7ZI5Q6dOSwOqpJ2FVlFuDJN/sJB3epR2S+rOvCPua+rQ8uv6lpZDx +CQ4ioUMFo6agBwYFK4EEACKhZANiAATA65F+T8sreSnTm+I2IjeKN8rb5W2j3QKX +z8n9JkPWiWX16HGIWso1JWPhhjvpmVkfSzD91niQwrsm6PhPypZUzkX5iL7JE8jV +jflEiUbflSzc+fgT/scqRUUQ3evmqUA= +-----END EC PRIVATE KEY----- diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go index b2c55607f..8593c3e99 100644 --- a/test/e2e/push_test.go +++ b/test/e2e/push_test.go @@ -2,6 +2,8 @@ package integration import ( "os" + "path/filepath" + "strings" "time" . "github.com/onsi/ginkgo" @@ -43,8 +45,6 @@ var _ = Describe("Podman push", func() { Expect(session.ExitCode()).To(Equal(0)) }) - // push to oci-archive, docker-archive, and dir are tested in pull_test.go - It("podman push to dir", func() { session := podmanTest.Podman([]string{"push", "--remove-signatures", ALPINE, "dir:/tmp/busybox"}) session.WaitWithDefaultTimeout() @@ -67,4 +67,143 @@ var _ = Describe("Podman push", func() { push.WaitWithDefaultTimeout() Expect(push.ExitCode()).To(Equal(0)) }) + + It("podman push to local registry with authorization", func() { + authPath := filepath.Join(podmanTest.TempDir, "auth") + os.Mkdir(authPath, os.ModePerm) + os.MkdirAll("/etc/containers/certs.d/localhost:5000", os.ModePerm) + debug := podmanTest.SystemExec("ls", []string{"-l", podmanTest.TempDir}) + debug.WaitWithDefaultTimeout() + + cwd, _ := os.Getwd() + certPath := filepath.Join(cwd, "../", "certs") + + setup := podmanTest.SystemExec("getenforce", []string{}) + setup.WaitWithDefaultTimeout() + if setup.OutputToString() == "Enforcing" { + + setup = podmanTest.SystemExec("setenforce", []string{"0"}) + setup.WaitWithDefaultTimeout() + + defer podmanTest.SystemExec("setenforce", []string{"1"}) + } + + session := podmanTest.Podman([]string{"run", "--entrypoint", "htpasswd", "registry:2", "-Bbn", "podmantest", "test"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + f, _ := os.Create(filepath.Join(authPath, "htpasswd")) + defer f.Close() + + f.WriteString(session.OutputToString()) + f.Sync() + debug = podmanTest.SystemExec("cat", []string{filepath.Join(authPath, "htpasswd")}) + debug.WaitWithDefaultTimeout() + + session = podmanTest.Podman([]string{"run", "-d", "-p", "5000:5000", "--name", "registry", "-v", + strings.Join([]string{authPath, "/auth"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e", + "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd", + "-v", strings.Join([]string{certPath, "/certs"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt", + "-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + time.Sleep(5 * time.Second) + + session = podmanTest.Podman([]string{"logs", "registry"}) + session.WaitWithDefaultTimeout() + + push := podmanTest.Podman([]string{"push", "--creds=podmantest:test", ALPINE, "localhost:5000/tlstest"}) + push.WaitWithDefaultTimeout() + Expect(push.ExitCode()).To(Not(Equal(0))) + + push = podmanTest.Podman([]string{"push", "--creds=podmantest:test", "--tls-verify=false", ALPINE, "localhost:5000/tlstest"}) + push.WaitWithDefaultTimeout() + Expect(push.ExitCode()).To(Equal(0)) + + setup = podmanTest.SystemExec("cp", []string{filepath.Join(certPath, "domain.crt"), "/etc/containers/certs.d/localhost:5000/ca.crt"}) + setup.WaitWithDefaultTimeout() + defer os.RemoveAll("/etc/containers/certs.d/localhost:5000") + + push = podmanTest.Podman([]string{"push", "--creds=podmantest:wrongpasswd", ALPINE, "localhost:5000/credstest"}) + push.WaitWithDefaultTimeout() + Expect(push.ExitCode()).To(Not(Equal(0))) + + push = podmanTest.Podman([]string{"push", "--creds=podmantest:test", "--cert-dir=fakedir", ALPINE, "localhost:5000/certdirtest"}) + push.WaitWithDefaultTimeout() + Expect(push.ExitCode()).To(Not(Equal(0))) + + push = podmanTest.Podman([]string{"push", "--creds=podmantest:test", ALPINE, "localhost:5000/defaultflags"}) + push.WaitWithDefaultTimeout() + Expect(push.ExitCode()).To(Equal(0)) + }) + + It("podman push to docker-archive", func() { + session := podmanTest.Podman([]string{"push", ALPINE, "docker-archive:/tmp/alp:latest"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + clean := podmanTest.SystemExec("rm", []string{"/tmp/alp"}) + clean.WaitWithDefaultTimeout() + Expect(clean.ExitCode()).To(Equal(0)) + }) + + It("podman push to docker daemon", func() { + setup := podmanTest.SystemExec("bash", []string{"-c", "systemctl status docker 2>&1"}) + setup.WaitWithDefaultTimeout() + + if setup.LineInOuputContains("Active: inactive") { + setup = podmanTest.SystemExec("systemctl", []string{"start", "docker"}) + setup.WaitWithDefaultTimeout() + + defer podmanTest.SystemExec("systemctl", []string{"stop", "docker"}) + } else if setup.ExitCode() != 0 { + Skip("Docker is not avaiable") + } + + session := podmanTest.Podman([]string{"push", ALPINE, "docker-daemon:alpine:podmantest"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + check := podmanTest.SystemExec("docker", []string{"images", "--format", "{{.Repository}}:{{.Tag}}"}) + check.WaitWithDefaultTimeout() + Expect(check.ExitCode()).To(Equal(0)) + Expect(check.OutputToString()).To(ContainSubstring("alpine:podmantest")) + + clean := podmanTest.SystemExec("docker", []string{"rmi", "alpine:podmantest"}) + clean.WaitWithDefaultTimeout() + Expect(clean.ExitCode()).To(Equal(0)) + }) + + It("podman push to oci-archive", func() { + session := podmanTest.Podman([]string{"push", ALPINE, "oci-archive:/tmp/alp.tar:latest"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + clean := podmanTest.SystemExec("rm", []string{"/tmp/alp.tar"}) + clean.WaitWithDefaultTimeout() + Expect(clean.ExitCode()).To(Equal(0)) + }) + + It("podman push to local ostree", func() { + setup := podmanTest.SystemExec("which", []string{"ostree"}) + setup.WaitWithDefaultTimeout() + + if setup.ExitCode() != 0 { + Skip("ostree is not installed") + } + + ostreePath := filepath.Join(podmanTest.TempDir, "ostree/repo") + os.MkdirAll(ostreePath, os.ModePerm) + + setup = podmanTest.SystemExec("ostree", []string{strings.Join([]string{"--repo=", ostreePath}, ""), "init"}) + setup.WaitWithDefaultTimeout() + + session := podmanTest.Podman([]string{"push", ALPINE, strings.Join([]string{"ostree:alp@", ostreePath}, "")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + clean := podmanTest.SystemExec("rm", []string{"-rf", ostreePath}) + clean.WaitWithDefaultTimeout() + Expect(clean.ExitCode()).To(Equal(0)) + }) + }) |