1 files changed, 39 insertions, 31 deletions

diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2
index bd28ae145..6151b7672 100755
--- a/test/apiv2/test-apiv2
+++ b/test/apiv2/test-apiv2
@@ -62,7 +62,7 @@ clean_up_server() {
         podman rm -a
         podman rmi -af
 
-        stop_registry
+        stop_registry --cleanup
         stop_service
     fi
 }
@@ -242,7 +242,7 @@ function t() {
             esac
         done
         if [[ -z "$curl_args" ]]; then
-            curl_args+=(-d $(jsonify ${post_args[@]}))
+            curl_args=(-d $(jsonify ${post_args[@]}))
             testname="$testname [${curl_args[@]}]"
         fi
     fi
@@ -273,10 +273,6 @@ function t() {
         curl_args+=("--head")
     fi
 
-    if [ -n "$REGISTRY_CONFIG_HEADER" ]; then
-        curl_args+=(-H "X-Registry-Config: $REGISTRY_CONFIG_HEADER")
-    fi
-
     local expected_code=$1; shift
 
     # Log every action we do
@@ -384,11 +380,6 @@ function start_service() {
         die "Cannot start service on non-localhost ($HOST)"
     fi
 
-    echo "rootdir: "$WORKDIR
-    # Some tests use shortnames; force registry override to work around
-    # docker.io throttling.
-#    FIXME esm revisit pulling expected images re: shortnames caused tests to fail
-#    env CONTAINERS_REGISTRIES_CONF=$TESTS_DIR/../registries.conf
     $PODMAN_BIN \
         --root $WORKDIR/server_root --syslog=true \
         system service \
@@ -414,18 +405,18 @@ function stop_service() {
 REGISTRY_PORT=
 REGISTRY_USERNAME=
 REGISTRY_PASSWORD=
-REGISTRY_CONFIG_HEADER=
 function start_registry() {
-    # We can be invoked multiple times, e.g. from different subtests, but
-    # let's assume that once started we only kill it at the end of tests.
+    # We can be called multiple times, but each time should start a new
+    # registry container with (possibly) different configuration. That
+    # means that all callers must be responsible for invoking stop_registry.
     if [[ -n "$REGISTRY_PORT" ]]; then
-        return
+        die "start_registry invoked twice in succession, without stop_registry"
     fi
 
+    # First arg is auth type (default: "none", but can also be "htpasswd")
+    local auth="${1:-none}"
+
     REGISTRY_PORT=$(random_port)
-    REGISTRY_USERNAME=u$(random_string 7)
-    REGISTRY_PASSWORD=p$(random_string 7)
-    REGISTRY_CONFIG_HEADER=$(echo "{\"localhost:${REGISTRY_PORT}\":{\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"${REGISTRY_PASSWORD}\"}}" | base64 --wrap=0)
 
     local REGDIR=$WORKDIR/registry
     local AUTHDIR=$REGDIR/auth
@@ -439,22 +430,33 @@ function start_registry() {
         podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE ||
         podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE
 
-    # Create a local cert and credentials
-    # FIXME: is there a hidden "--quiet" flag? This is too noisy.
-    openssl req -newkey rsa:4096 -nodes -sha256 \
-            -keyout $AUTHDIR/domain.key -x509 -days 2 \
-            -out $AUTHDIR/domain.crt \
-            -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
-            -addext subjectAltName=DNS:localhost
-    htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} \
-             > $AUTHDIR/htpasswd
+    # Create a local cert (no need to do this more than once)
+    if [[ ! -e $AUTHDIR/domain.key ]]; then
+        # FIXME: is there a hidden "--quiet" flag? This is too noisy.
+        openssl req -newkey rsa:4096 -nodes -sha256 \
+                -keyout $AUTHDIR/domain.key -x509 -days 2 \
+                -out $AUTHDIR/domain.crt \
+                -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
+                -addext subjectAltName=DNS:localhost
+    fi
+
+    # If invoked with auth=htpasswd, create credentials
+    REGISTRY_USERNAME=
+    REGISTRY_PASSWORD=
+    if [[ "$auth" = "htpasswd" ]]; then
+        REGISTRY_USERNAME=u$(random_string 7)
+        REGISTRY_PASSWORD=p$(random_string 7)
+
+        htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} \
+                 > $AUTHDIR/htpasswd
+    fi
 
     # Run the registry, and wait for it to come up
     podman ${PODMAN_REGISTRY_ARGS} run -d \
            -p ${REGISTRY_PORT}:5000 \
            --name registry \
            -v $AUTHDIR:/auth:Z \
-           -e "REGISTRY_AUTH=htpasswd" \
+           -e "REGISTRY_AUTH=$auth" \
            -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
            -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
            -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
@@ -468,13 +470,19 @@ function stop_registry() {
     local REGDIR=${WORKDIR}/registry
     if [[ -d $REGDIR ]]; then
         local OPTS="--root ${REGDIR}/root --runroot ${REGDIR}/runroot"
-        podman $OPTS stop -f -t 0 -a
+        podman $OPTS stop -i -t 0 registry
 
         # rm/rmi are important when running rootless: without them we
         # get EPERMS in tmpdir cleanup because files are owned by subuids.
-        podman $OPTS rm -f -a
-        podman $OPTS rmi -f -a
+        podman $OPTS rm -f -i registry
+        if [[ "$1" = "--cleanup" ]]; then
+            podman $OPTS rmi -f -a
+        fi
     fi
+
+    REGISTRY_PORT=
+    REGISTRY_USERNAME=
+    REGISTRY_PASSWORD=
 }
 
 #################