diff options
Diffstat (limited to 'test/apiv2')
| -rw-r--r-- | test/apiv2/12-imagesMore.at | 4 | ||||
| -rw-r--r-- | test/apiv2/20-containers.at | 1 | ||||
| -rw-r--r-- | test/apiv2/60-auth.at | 29 | ||||
| -rw-r--r-- | test/apiv2/rest_api/__init__.py | 4 | ||||
| -rwxr-xr-x | test/apiv2/test-apiv2 | 115 |
5 files changed, 145 insertions, 8 deletions
diff --git a/test/apiv2/12-imagesMore.at b/test/apiv2/12-imagesMore.at index 4f3ddf925..ce3049106 100644 --- a/test/apiv2/12-imagesMore.at +++ b/test/apiv2/12-imagesMore.at @@ -46,6 +46,10 @@ t POST "images/localhost:5000/myrepo/push?tlsVerify=false&tag=mytag" '' 200 # Untag the image t POST "libpod/images/$iid/untag?repo=localhost:5000/myrepo&tag=mytag" '' 201 +# Try to push non-existing image +t POST "images/localhost:5000/idonotexist/push?tlsVerify=false" '' 200 +jq -re 'select(.errorDetail)' <<<"$output" &>/dev/null || echo -e "${red}not ok: error message not found in output${nc}" 1>&2 + t GET libpod/images/$IMAGE/json 200 \ .RepoTags[-1]=$IMAGE diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index f73d03123..383d92ef3 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -162,6 +162,7 @@ t DELETE images/localhost/newrepo:v1?force=true 200 t DELETE images/localhost/newrepo:v2?force=true 200 t DELETE libpod/containers/$cid 204 t DELETE libpod/containers/myctr 204 +t DELETE libpod/containers/bogus 404 # test apiv2 create container with correct entrypoint and cmd diff --git a/test/apiv2/60-auth.at b/test/apiv2/60-auth.at new file mode 100644 index 000000000..378955cd7 --- /dev/null +++ b/test/apiv2/60-auth.at @@ -0,0 +1,29 @@ +# -*- sh -*- +# +# registry-related tests +# + +start_registry + +# FIXME FIXME FIXME: remove the 'if false' for use with PR 9589 +if false; then + +# FIXME FIXME: please forgive the horrible POST params format; I have an +# upcoming PR which should fix that. + +# Test with wrong password. Confirm bad status and appropriate error message +t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"WrOnGPassWord\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \ + 400 \ + .Status~'.* invalid username/password' + +# Test with the right password. Confirm status message and reasonable token +t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"${REGISTRY_PASSWORD}\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \ + 200 \ + .Status="Login Succeeded" \ + .IdentityToken~[a-zA-Z0-9] + +# FIXME: now what? Try something-something using that token? +token=$(jq -r .IdentityToken <<<"$output") +# ... + +fi # FIXME FIXME FIXME: remove when working diff --git a/test/apiv2/rest_api/__init__.py b/test/apiv2/rest_api/__init__.py index db0257f03..b7b8a7649 100644 --- a/test/apiv2/rest_api/__init__.py +++ b/test/apiv2/rest_api/__init__.py @@ -27,7 +27,7 @@ class Podman(object): self.cmd.append("--root=" + os.path.join(self.anchor_directory, "crio")) self.cmd.append("--runroot=" + os.path.join(self.anchor_directory, "crio-run")) - os.environ["REGISTRIES_CONFIG_PATH"] = os.path.join(self.anchor_directory, "registry.conf") + os.environ["CONTAINERS_REGISTRIES_CONF"] = os.path.join(self.anchor_directory, "registry.conf") p = configparser.ConfigParser() p.read_dict( { @@ -36,7 +36,7 @@ class Podman(object): "registries.block": {"registries": "[]"}, } ) - with open(os.environ["REGISTRIES_CONFIG_PATH"], "w") as w: + with open(os.environ["CONTAINERS_REGISTRIES_CONF"], "w") as w: p.write(w) os.environ["CNI_CONFIG_PATH"] = os.path.join(self.anchor_directory, "cni", "net.d") diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2 index d545df245..e32d6bc62 100755 --- a/test/apiv2/test-apiv2 +++ b/test/apiv2/test-apiv2 @@ -17,6 +17,8 @@ PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODM IMAGE=$PODMAN_TEST_IMAGE_FQN +REGISTRY_IMAGE="${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/registry:2.7" + # END stuff you can but probably shouldn't customize ############################################################################### # BEGIN setup @@ -313,13 +315,115 @@ function start_service() { die "Cannot start service on non-localhost ($HOST)" fi - $PODMAN_BIN --root $WORKDIR system service --time 15 tcp:127.0.0.1:$PORT \ + $PODMAN_BIN --root $WORKDIR/server_root system service \ + --time 15 \ + tcp:127.0.0.1:$PORT \ &> $WORKDIR/server.log & service_pid=$! wait_for_port $HOST $PORT } +function stop_service() { + # Stop the server + if [[ -n $service_pid ]]; then + kill $service_pid + wait $service_pid + fi +} + +#################### +# start_registry # Run a local registry +#################### +REGISTRY_PORT= +REGISTRY_USERNAME= +REGISTRY_PASSWORD= +function start_registry() { + # We can be invoked multiple times, e.g. from different subtests, but + # let's assume that once started we only kill it at the end of tests. + if [[ -n "$REGISTRY_PORT" ]]; then + return + fi + + REGISTRY_PORT=$(random_port) + REGISTRY_USERNAME=u$(random_string 7) + REGISTRY_PASSWORD=p$(random_string 7) + + local REGDIR=$WORKDIR/registry + local AUTHDIR=$REGDIR/auth + mkdir -p $AUTHDIR + + mkdir -p ${REGDIR}/{root,runroot} + local PODMAN_REGISTRY_ARGS="--root ${REGDIR}/root --runroot ${REGDIR}/runroot" + + # Give it three tries, to compensate for network flakes + podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE || + podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE || + podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE + + # Create a local cert and credentials + # FIXME: is there a hidden "--quiet" flag? This is too noisy. + openssl req -newkey rsa:4096 -nodes -sha256 \ + -keyout $AUTHDIR/domain.key -x509 -days 2 \ + -out $AUTHDIR/domain.crt \ + -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \ + -addext subjectAltName=DNS:localhost + htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} \ + > $AUTHDIR/htpasswd + + # Run the registry, and wait for it to come up + podman ${PODMAN_REGISTRY_ARGS} run -d \ + -p ${REGISTRY_PORT}:5000 \ + --name registry \ + -v $AUTHDIR:/auth:Z \ + -e "REGISTRY_AUTH=htpasswd" \ + -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ + -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ + -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \ + -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \ + ${REGISTRY_IMAGE} + + wait_for_port localhost $REGISTRY_PORT +} + +function stop_registry() { + local REGDIR=${WORKDIR}/registry + if [[ -d $REGDIR ]]; then + local OPTS="--root ${REGDIR}/root --runroot ${REGDIR}/runroot" + podman $OPTS stop -f -t 0 -a + + # rm/rmi are important when running rootless: without them we + # get EPERMS in tmpdir cleanup because files are owned by subuids. + podman $OPTS rm -f -a + podman $OPTS rmi -f -a + fi +} + +################# +# random_port # Random open port; arg is range (min-max), default 5000-5999 +################# +function random_port() { + local range=${1:-5000-5999} + + local port + for port in $(shuf -i ${range}); do + if ! { exec 5<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then + echo $port + return + fi + done + + die "Could not find open port in range $range" +} + +################### +# random_string # Pseudorandom alphanumeric string of given length +################### +function random_string() { + local length=${1:-10} + head /dev/urandom | tr -dc a-zA-Z0-9 | head -c$length +} + ################### # wait_for_port # Returns once port is available on host ################### @@ -341,8 +445,8 @@ function wait_for_port() { # podman # Needed by some test scripts to invoke the actual podman binary ############ function podman() { - echo "\$ $PODMAN_BIN $*" >>$WORKDIR/output.log - $PODMAN_BIN --root $WORKDIR "$@" >>$WORKDIR/output.log 2>&1 + echo "\$ $PODMAN_BIN $*" >>$WORKDIR/output.log + $PODMAN_BIN --root $WORKDIR/server_root "$@" >>$WORKDIR/output.log 2>&1 } #################### @@ -412,9 +516,8 @@ if [ -n "$service_pid" ]; then podman rm -a podman rmi -af - # Stop the server - kill $service_pid - wait $service_pid + stop_registry + stop_service fi test_count=$(<$testcounter_file) |