diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/create_staticip_test.go | 16 | ||||
| -rw-r--r-- | test/e2e/login_logout_test.go | 52 | ||||
| -rw-r--r-- | test/e2e/pod_create_test.go | 165 | ||||
| -rw-r--r-- | test/e2e/ps_test.go | 3 | ||||
| -rw-r--r-- | test/e2e/run_volume_test.go | 20 | ||||
| -rw-r--r-- | test/e2e/search_test.go | 13 | ||||
| -rw-r--r-- | test/system/010-images.bats | 36 | ||||
| -rw-r--r-- | test/system/150-login.bats | 339 |
8 files changed, 633 insertions, 11 deletions
diff --git a/test/e2e/create_staticip_test.go b/test/e2e/create_staticip_test.go index 72a0638f9..693795637 100644 --- a/test/e2e/create_staticip_test.go +++ b/test/e2e/create_staticip_test.go @@ -4,6 +4,7 @@ package integration import ( "os" + "time" . "github.com/containers/libpod/test/utils" . "github.com/onsi/ginkgo" @@ -86,8 +87,23 @@ var _ = Describe("Podman create with --ip flag", func() { result = podmanTest.Podman([]string{"start", "test1"}) result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) + + // race prevention: wait until IP address is assigned + for i := 0; i < 5; i++ { + result = podmanTest.Podman([]string{"inspect", "--format", "{{.NetworkSettings.IPAddress}}", "test1"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + if result.OutputToString() != "" { + break + } + time.Sleep(1 * time.Second) + } + Expect(result.OutputToString()).To(Equal(ip)) + + // test1 container is running with the given IP. result = podmanTest.Podman([]string{"start", "test2"}) result.WaitWithDefaultTimeout() Expect(result).To(ExitWithError()) + Expect(result.ErrorToString()).To(ContainSubstring("requested IP address " + ip + " is not available")) }) }) diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go index 78c9b52d9..42698d270 100644 --- a/test/e2e/login_logout_test.go +++ b/test/e2e/login_logout_test.go @@ -19,14 +19,15 @@ import ( var _ = Describe("Podman login and logout", func() { var ( - tempdir string - err error - podmanTest *PodmanTestIntegration - authPath string - certPath string - port int - server string - testImg string + tempdir string + err error + podmanTest *PodmanTestIntegration + authPath string + certPath string + port int + server string + testImg string + registriesConfWithSearch []byte ) BeforeEach(func() { @@ -64,6 +65,9 @@ var _ = Describe("Podman login and logout", func() { f.Sync() port = 4999 + config.GinkgoConfig.ParallelNode server = strings.Join([]string{"localhost", strconv.Itoa(port)}, ":") + + registriesConfWithSearch = []byte(fmt.Sprintf("[registries.search]\nregistries = ['%s']", server)) + testImg = strings.Join([]string{server, "test-apline"}, "/") os.MkdirAll(filepath.Join("/etc/containers/certs.d", server), os.ModePerm) @@ -113,6 +117,38 @@ var _ = Describe("Podman login and logout", func() { Expect(session).To(ExitWithError()) }) + It("podman login and logout without registry parameter", func() { + SkipIfRootless() + + registriesConf, err := ioutil.TempFile("", "TestLoginWithoutParameter") + Expect(err).To(BeNil()) + defer registriesConf.Close() + defer os.Remove(registriesConf.Name()) + + err = ioutil.WriteFile(registriesConf.Name(), []byte(registriesConfWithSearch), os.ModePerm) + Expect(err).To(BeNil()) + + // Environment is per-process, so this looks very unsafe; actually it seems fine because tests are not + // run in parallel unless they opt in by calling t.Parallel(). So don’t do that. + oldRCP, hasRCP := os.LookupEnv("REGISTRIES_CONFIG_PATH") + defer func() { + if hasRCP { + os.Setenv("REGISTRIES_CONFIG_PATH", oldRCP) + } else { + os.Unsetenv("REGISTRIES_CONFIG_PATH") + } + }() + os.Setenv("REGISTRIES_CONFIG_PATH", registriesConf.Name()) + + session := podmanTest.Podman([]string{"login", "-u", "podmantest", "-p", "test"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To((Equal(0))) + + session = podmanTest.Podman([]string{"logout"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + }) + It("podman login and logout with flag --authfile", func() { SkipIfRootless() authFile := filepath.Join(podmanTest.TempDir, "auth.json") diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 2efa36141..e0a10c202 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -1,7 +1,9 @@ package integration import ( + "fmt" "os" + "strings" . "github.com/containers/libpod/test/utils" . "github.com/onsi/ginkgo" @@ -117,4 +119,167 @@ var _ = Describe("Podman pod create", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(125)) }) + + It("podman create pod with --no-hosts", func() { + SkipIfRemote() + name := "test" + podCreate := podmanTest.Podman([]string{"pod", "create", "--no-hosts", "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + alpineResolvConf := podmanTest.Podman([]string{"run", "-ti", "--rm", "--no-hosts", ALPINE, "cat", "/etc/hosts"}) + alpineResolvConf.WaitWithDefaultTimeout() + Expect(alpineResolvConf.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/hosts"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(podResolvConf.OutputToString()).To(Equal(alpineResolvConf.OutputToString())) + }) + + It("podman create pod with --no-hosts and no infra should fail", func() { + SkipIfRemote() + name := "test" + podCreate := podmanTest.Podman([]string{"pod", "create", "--no-hosts", "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with --add-host", func() { + SkipIfRemote() + name := "test" + podCreate := podmanTest.Podman([]string{"pod", "create", "--add-host", "test.example.com:12.34.56.78", "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/hosts"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), "12.34.56.78 test.example.com")).To(BeTrue()) + }) + + It("podman create pod with --add-host and no infra should fail", func() { + SkipIfRemote() + name := "test" + podCreate := podmanTest.Podman([]string{"pod", "create", "--add-host", "test.example.com:12.34.56.78", "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with DNS server set", func() { + SkipIfRemote() + name := "test" + server := "12.34.56.78" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns", server, "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/resolv.conf"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), fmt.Sprintf("nameserver %s", server))).To(BeTrue()) + }) + + It("podman create pod with DNS server set and no infra should fail", func() { + SkipIfRemote() + name := "test" + server := "12.34.56.78" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns", server, "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with DNS option set", func() { + SkipIfRemote() + name := "test" + option := "attempts:5" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-opt", option, "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/resolv.conf"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), fmt.Sprintf("options %s", option))).To(BeTrue()) + }) + + It("podman create pod with DNS option set and no infra should fail", func() { + SkipIfRemote() + name := "test" + option := "attempts:5" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-opt", option, "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with DNS search domain set", func() { + SkipIfRemote() + name := "test" + search := "example.com" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-search", search, "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/resolv.conf"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), fmt.Sprintf("search %s", search))).To(BeTrue()) + }) + + It("podman create pod with DNS search domain set and no infra should fail", func() { + SkipIfRemote() + name := "test" + search := "example.com" + podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-search", search, "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with IP address", func() { + SkipIfRemote() + SkipIfRootless() + name := "test" + ip := GetRandomIPAddress() + podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), ip)).To(BeTrue()) + }) + + It("podman create pod with IP address and no infra should fail", func() { + SkipIfRemote() + name := "test" + ip := GetRandomIPAddress() + podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) + + It("podman create pod with MAC address", func() { + SkipIfRemote() + SkipIfRootless() + name := "test" + mac := "92:d0:c6:0a:29:35" + podCreate := podmanTest.Podman([]string{"pod", "create", "--mac-address", mac, "--name", name}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(0)) + + podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"}) + podResolvConf.WaitWithDefaultTimeout() + Expect(podResolvConf.ExitCode()).To(Equal(0)) + Expect(strings.Contains(podResolvConf.OutputToString(), mac)).To(BeTrue()) + }) + + It("podman create pod with MAC address and no infra should fail", func() { + SkipIfRemote() + name := "test" + mac := "92:d0:c6:0a:29:35" + podCreate := podmanTest.Podman([]string{"pod", "create", "--mac-address", mac, "--name", name, "--infra=false"}) + podCreate.WaitWithDefaultTimeout() + Expect(podCreate.ExitCode()).To(Equal(125)) + }) }) diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index 48dd186e2..adbb9c16c 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -170,10 +170,11 @@ var _ = Describe("Podman ps", func() { _, ec, _ := podmanTest.RunLsContainer("test1") Expect(ec).To(Equal(0)) - result := podmanTest.Podman([]string{"ps", "-a", "--format", "table {{.ID}} {{.Image}} {{.Labels}}"}) + result := podmanTest.Podman([]string{"ps", "-a", "--format", "table {{.ID}} {{.Image}} {{.ImageID}} {{.Labels}}"}) result.WaitWithDefaultTimeout() Expect(strings.Contains(result.OutputToStringArray()[0], "table")).To(BeFalse()) Expect(strings.Contains(result.OutputToStringArray()[0], "ID")).To(BeTrue()) + Expect(strings.Contains(result.OutputToStringArray()[0], "ImageID")).To(BeTrue()) Expect(strings.Contains(result.OutputToStringArray()[1], "alpine:latest")).To(BeTrue()) Expect(result.ExitCode()).To(Equal(0)) }) diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index 46c27dc2e..e31338dbc 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -15,6 +15,10 @@ import ( "github.com/onsi/gomega/gexec" ) +var VolumeTrailingSlashDockerfile = ` +FROM alpine:latest +VOLUME /test/` + var _ = Describe("Podman run with volumes", func() { var ( tempdir string @@ -421,4 +425,20 @@ var _ = Describe("Podman run with volumes", func() { Expect(len(outputArr)).To(Equal(1)) Expect(strings.Contains(outputArr[0], fileName)).To(BeTrue()) }) + + It("Podman mount over image volume with trailing /", func() { + image := "podman-volume-test:trailing" + podmanTest.BuildImage(VolumeTrailingSlashDockerfile, image, "false") + + ctrName := "testCtr" + create := podmanTest.Podman([]string{"create", "-v", "/tmp:/test", "--name", ctrName, image, "ls"}) + create.WaitWithDefaultTimeout() + Expect(create.ExitCode()).To(Equal(0)) + + data := podmanTest.InspectContainer(ctrName) + Expect(len(data)).To(Equal(1)) + Expect(len(data[0].Mounts)).To(Equal(1)) + Expect(data[0].Mounts[0].Source).To(Equal("/tmp")) + Expect(data[0].Mounts[0].Destination).To(Equal("/test")) + }) }) diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go index d88231510..a697831ab 100644 --- a/test/e2e/search_test.go +++ b/test/e2e/search_test.go @@ -9,6 +9,7 @@ import ( "os" "strconv" "text/template" + "time" . "github.com/containers/libpod/test/utils" . "github.com/onsi/ginkgo" @@ -165,8 +166,16 @@ registries = ['{{.Host}}:{{.Port}}']` }) It("podman search v2 registry with empty query", func() { - search := podmanTest.Podman([]string{"search", "registry.fedoraproject.org/"}) - search.WaitWithDefaultTimeout() + var search *PodmanSessionIntegration + for i := 0; i < 5; i++ { + search = podmanTest.Podman([]string{"search", "registry.fedoraproject.org/"}) + search.WaitWithDefaultTimeout() + if search.ExitCode() == 0 { + break + } + fmt.Println("Search failed; sleeping & retrying...") + time.Sleep(2 * time.Second) + } Expect(search.ExitCode()).To(Equal(0)) Expect(len(search.OutputToStringArray())).To(BeNumerically(">=", 1)) }) diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 66ef53590..3224c9b42 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -74,4 +74,40 @@ size | [0-9]\\\+ run_podman rm my-container } +@test "podman images - filter" { + skip_if_remote "podman commit -q is broken in podman-remote" + + run_podman inspect --format '{{.ID}}' $IMAGE + iid=$output + + run_podman images --noheading --filter=after=$iid + is "$output" "" "baseline: empty results from filter (after)" + + run_podman images --noheading --filter=before=$iid + is "$output" "" "baseline: empty results from filter (before)" + + # Create a dummy container, then commit that as an image. We will + # now be able to use before/after/since queries + run_podman run --name mytinycontainer $IMAGE true + run_podman commit -q mytinycontainer mynewimage + new_iid=$output + + # (refactor common options for legibility) + opts='--noheading --no-trunc --format={{.ID}}--{{.Repository}}:{{.Tag}}' + + run_podman images ${opts} --filter=after=$iid + is "$output" "sha256:$new_iid--localhost/mynewimage:latest" "filter: after" + + # Same thing, with 'since' instead of 'after' + run_podman images ${opts} --filter=since=$iid + is "$output" "sha256:$new_iid--localhost/mynewimage:latest" "filter: since" + + run_podman images ${opts} --filter=before=mynewimage + is "$output" "sha256:$iid--$IMAGE" "filter: before" + + # Clean up + run_podman rmi mynewimage + run_podman rm mytinycontainer +} + # vim: filetype=sh diff --git a/test/system/150-login.bats b/test/system/150-login.bats new file mode 100644 index 000000000..e33217e14 --- /dev/null +++ b/test/system/150-login.bats @@ -0,0 +1,339 @@ +#!/usr/bin/env bats -*- bats -*- +# +# tests for podman login +# + +load helpers + +############################################################################### +# BEGIN one-time envariable setup + +# Create a scratch directory; our podman registry will run from here. We +# also use it for other temporary files like authfiles. +if [ -z "${PODMAN_LOGIN_WORKDIR}" ]; then + export PODMAN_LOGIN_WORKDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-${TMPDIR:-/tmp}} podman_bats_login.XXXXXX) +fi + +# Randomly-generated username and password +if [ -z "${PODMAN_LOGIN_USER}" ]; then + export PODMAN_LOGIN_USER="user$(random_string 4)" + export PODMAN_LOGIN_PASS=$(random_string 15) +fi + +# Randomly-assigned port in the 5xxx range +if [ -z "${PODMAN_LOGIN_REGISTRY_PORT}" ]; then + for port in $(shuf -i 5000-5999);do + if ! { exec 3<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then + export PODMAN_LOGIN_REGISTRY_PORT=$port + break + fi + done +fi + +# Override any user-set path to an auth file +unset REGISTRY_AUTH_FILE + +# END one-time envariable setup +############################################################################### +# BEGIN filtering - none of these tests will work with podman-remote + +function setup() { + skip_if_remote "none of these tests work with podman-remote" + + basic_setup +} + +# END filtering - none of these tests will work with podman-remote +############################################################################### +# BEGIN first "test" - start a registry for use by other tests +# +# This isn't really a test: it's a helper that starts a local registry. +# Note that we're careful to use a root/runroot separate from our tests, +# so setup/teardown don't clobber our registry image. +# + +@test "podman login [start registry]" { + AUTHDIR=${PODMAN_LOGIN_WORKDIR}/auth + mkdir -p $AUTHDIR + + # Pull registry image, but into a separate container storage + mkdir -p ${PODMAN_LOGIN_WORKDIR}/root + mkdir -p ${PODMAN_LOGIN_WORKDIR}/runroot + PODMAN_LOGIN_ARGS="--root ${PODMAN_LOGIN_WORKDIR}/root --runroot ${PODMAN_LOGIN_WORKDIR}/runroot" + # Give it three tries, to compensate for flakes + run_podman ${PODMAN_LOGIN_ARGS} pull registry:2 || + run_podman ${PODMAN_LOGIN_ARGS} pull registry:2 || + run_podman ${PODMAN_LOGIN_ARGS} pull registry:2 + + # Registry image needs a cert. Self-signed is good enough. + CERT=$AUTHDIR/domain.crt + if [ ! -e $CERT ]; then + openssl req -newkey rsa:4096 -nodes -sha256 \ + -keyout $AUTHDIR/domain.key -x509 -days 2 \ + -out $AUTHDIR/domain.crt \ + -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost" + fi + + # Store credentials where container will see them + if [ ! -e $AUTHDIR/htpasswd ]; then + run_podman ${PODMAN_LOGIN_ARGS} run --rm \ + --entrypoint htpasswd registry:2 \ + -Bbn ${PODMAN_LOGIN_USER} ${PODMAN_LOGIN_PASS} \ + > $AUTHDIR/htpasswd + + # In case $PODMAN_TEST_KEEP_LOGIN_REGISTRY is set, for testing later + echo "${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS}" \ + > $AUTHDIR/htpasswd-plaintext + fi + + # Run the registry container. + run_podman '?' ${PODMAN_LOGIN_ARGS} rm -f registry + run_podman ${PODMAN_LOGIN_ARGS} run -d \ + -p ${PODMAN_LOGIN_REGISTRY_PORT}:5000 \ + --name registry \ + -v $AUTHDIR:/auth:Z \ + -e "REGISTRY_AUTH=htpasswd" \ + -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \ + -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ + -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \ + -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \ + registry:2 +} + +# END first "test" - start a registry for use by other tests +############################################################################### +# BEGIN actual tests +# BEGIN primary podman login/push/pull tests + +@test "podman login - basic test" { + run_podman login --tls-verify=false \ + --username ${PODMAN_LOGIN_USER} \ + --password-stdin \ + localhost:${PODMAN_LOGIN_REGISTRY_PORT} <<<"${PODMAN_LOGIN_PASS}" + is "$output" "Login Succeeded!" "output from podman login" + + # Now log out + run_podman logout localhost:${PODMAN_LOGIN_REGISTRY_PORT} + is "$output" "Removed login credentials for localhost:${PODMAN_LOGIN_REGISTRY_PORT}" \ + "output from podman logout" +} + +@test "podman login - with wrong credentials" { + registry=localhost:${PODMAN_LOGIN_REGISTRY_PORT} + + run_podman 125 login --tls-verify=false \ + --username ${PODMAN_LOGIN_USER} \ + --password-stdin \ + $registry <<< "x${PODMAN_LOGIN_PASS}" + is "$output" \ + "Error: error logging into \"$registry\": invalid username/password" \ + 'output from podman login' +} + +@test "podman login - check generated authfile" { + authfile=${PODMAN_LOGIN_WORKDIR}/auth-$(random_string 10).json + rm -f $authfile + + registry=localhost:${PODMAN_LOGIN_REGISTRY_PORT} + + run_podman login --authfile=$authfile \ + --tls-verify=false \ + --username ${PODMAN_LOGIN_USER} \ + --password ${PODMAN_LOGIN_PASS} \ + $registry + + # Confirm that authfile now exists + test -e $authfile || \ + die "podman login did not create authfile $authfile" + + # Special bracket form needed because of colon in host:port + run jq -r ".[\"auths\"][\"$registry\"][\"auth\"]" <$authfile + is "$status" "0" "jq from $authfile" + + expect_userpass="${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS}" + actual_userpass=$(base64 -d <<<"$output") + is "$actual_userpass" "$expect_userpass" "credentials stored in $authfile" + + + # Now log out and make sure credentials are removed + run_podman logout --authfile=$authfile $registry + + run jq -r '.auths' <$authfile + is "$status" "0" "jq from $authfile" + is "$output" "{}" "credentials removed from $authfile" +} + +# Some push tests +@test "podman push fail" { + # Create an invalid authfile + authfile=${PODMAN_LOGIN_WORKDIR}/auth-$(random_string 10).json + rm -f $authfile + + wrong_auth=$(base64 <<<"baduser:wrongpassword") + cat >$authfile <<EOF +{ + "auths": { + "localhost:${PODMAN_LOGIN_REGISTRY_PORT}": { + "auth": "$wrong_auth" + } + } +} +EOF + + run_podman 125 push --authfile=$authfile \ + --tls-verify=false $IMAGE \ + localhost:${PODMAN_LOGIN_REGISTRY_PORT}/badpush:1 + is "$output" ".*: unauthorized: authentication required" \ + "auth error on push" +} + +@test "podman push ok" { + # ARGH! We can't push $IMAGE (alpine_labels) to this registry; error is: + # + # Writing manifest to image destination + # Error: Error copying image to the remote destination: Error writing manifest: Error uploading manifest latest to localhost:${PODMAN_LOGIN_REGISTRY_PORT}/okpush: received unexpected HTTP status: 500 Internal Server Error + # + # Root cause: something to do with v1/v2 s1/s2: + # + # https://github.com/containers/skopeo/issues/651 + # + run_podman pull busybox + + # Preserve its ID for later comparison against push/pulled image + run_podman inspect --format '{{.Id}}' busybox + id_busybox=$output + + destname=ok-$(random_string 10 | tr A-Z a-z)-ok + # Use command-line credentials + run_podman push --tls-verify=false \ + --creds ${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS} \ + busybox localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname + + # Yay! Pull it back + run_podman pull --tls-verify=false \ + --creds ${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS} \ + localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname + + # Compare to original busybox + run_podman inspect --format '{{.Id}}' $destname + is "$output" "$id_busybox" "Image ID of pulled image == busybox" + + run_podman rmi busybox $destname +} + +# END primary podman login/push/pull tests +############################################################################### +# BEGIN cooperation with skopeo + +# Skopeo helper - keep this separate, so we can test with different +# envariable settings +function _test_skopeo_credential_sharing() { + if ! type -p skopeo; then + skip "skopeo not available" + fi + + registry=localhost:${PODMAN_LOGIN_REGISTRY_PORT} + + run_podman login "$@" --tls-verify=false \ + --username ${PODMAN_LOGIN_USER} \ + --password ${PODMAN_LOGIN_PASS} \ + $registry + + destname=skopeo-ok-$(random_string 10 | tr A-Z a-z)-ok + echo "# skopeo copy ..." + run skopeo copy "$@" \ + --format=v2s2 \ + --dest-tls-verify=false \ + containers-storage:$IMAGE \ + docker://$registry/$destname + echo "$output" + is "$status" "0" "skopeo copy - exit status" + is "$output" ".*Copying blob .*" "output of skopeo copy" + is "$output" ".*Copying config .*" "output of skopeo copy" + is "$output" ".*Writing manifest .*" "output of skopeo copy" + + echo "# skopeo inspect ..." + run skopeo inspect "$@" --tls-verify=false docker://$registry/$destname + echo "$output" + is "$status" "0" "skopeo inspect - exit status" + + got_name=$(jq -r .Name <<<"$output") + is "$got_name" "$registry/$dest_name" "skopeo inspect -> Name" + + # Now try without a valid login; it should fail + run_podman logout "$@" $registry + echo "# skopeo inspect [with no credentials] ..." + run skopeo inspect "$@" --tls-verify=false docker://$registry/$destname + echo "$output" + is "$status" "1" "skopeo inspect - exit status" + is "$output" ".*: unauthorized: authentication required" \ + "auth error on skopeo inspect" +} + +@test "podman login - shares credentials with skopeo - default auth file" { + if is_rootless; then + if [ -z "${XDG_RUNTIME_DIR}" ]; then + skip "skopeo does not match podman when XDG_RUNTIME_DIR unset; #823" + fi + fi + _test_skopeo_credential_sharing +} + +@test "podman login - shares credentials with skopeo - via envariable" { + skip "skopeo does not yet support REGISTRY_AUTH_FILE; #822" + authfile=${PODMAN_LOGIN_WORKDIR}/auth-$(random_string 10).json + rm -f $authfile + + REGISTRY_AUTH_FILE=$authfile _test_skopeo_credential_sharing + rm -f $authfile +} + +@test "podman login - shares credentials with skopeo - via --authfile" { + # Also test that command-line --authfile overrides envariable + authfile=${PODMAN_LOGIN_WORKDIR}/auth-$(random_string 10).json + rm -f $authfile + + fake_authfile=${PODMAN_LOGIN_WORKDIR}/auth-$(random_string 10).json + rm -f $fake_authfile + + REGISTRY_AUTH_FILE=$authfile _test_skopeo_credential_sharing --authfile=$authfile + + if [ -e $fake_authfile ]; then + die "REGISTRY_AUTH_FILE overrode command-line --authfile!" + fi + rm -f $authfile +} + +# END cooperation with skopeo +# END actual tests +############################################################################### +# BEGIN teardown (remove the registry container) + +@test "podman login [stop registry, clean up]" { + # For manual debugging; user may request keeping the registry running + if [ -n "${PODMAN_TEST_KEEP_LOGIN_REGISTRY}" ]; then + skip "[leaving registry running by request]" + fi + + run_podman --root ${PODMAN_LOGIN_WORKDIR}/root \ + --runroot ${PODMAN_LOGIN_WORKDIR}/runroot \ + rm -f registry + run_podman --root ${PODMAN_LOGIN_WORKDIR}/root \ + --runroot ${PODMAN_LOGIN_WORKDIR}/runroot \ + rmi -a + + # By default, clean up + if [ -z "${PODMAN_TEST_KEEP_LOGIN_WORKDIR}" ]; then + rm -rf ${PODMAN_LOGIN_WORKDIR} + fi + + # Make sure socket is closed + if { exec 3<> /dev/tcp/127.0.0.1/${PODMAN_LOGIN_REGISTRY_PORT}; } &>/dev/null; then + die "Socket still seems open" + fi +} + +# END teardown (remove the registry container) +############################################################################### + +# vim: filetype=sh |