summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/e2e/login_logout_test.go52
-rw-r--r--test/e2e/pod_create_test.go165
-rw-r--r--test/e2e/run_volume_test.go20
-rw-r--r--test/e2e/search_test.go13
-rw-r--r--test/system/010-images.bats36
-rw-r--r--test/system/150-login.bats339
6 files changed, 615 insertions, 10 deletions
diff --git a/test/e2e/login_logout_test.go b/test/e2e/login_logout_test.go
index 78c9b52d9..42698d270 100644
--- a/test/e2e/login_logout_test.go
+++ b/test/e2e/login_logout_test.go
@@ -19,14 +19,15 @@ import (
var _ = Describe("Podman login and logout", func() {
var (
- tempdir string
- err error
- podmanTest *PodmanTestIntegration
- authPath string
- certPath string
- port int
- server string
- testImg string
+ tempdir string
+ err error
+ podmanTest *PodmanTestIntegration
+ authPath string
+ certPath string
+ port int
+ server string
+ testImg string
+ registriesConfWithSearch []byte
)
BeforeEach(func() {
@@ -64,6 +65,9 @@ var _ = Describe("Podman login and logout", func() {
f.Sync()
port = 4999 + config.GinkgoConfig.ParallelNode
server = strings.Join([]string{"localhost", strconv.Itoa(port)}, ":")
+
+ registriesConfWithSearch = []byte(fmt.Sprintf("[registries.search]\nregistries = ['%s']", server))
+
testImg = strings.Join([]string{server, "test-apline"}, "/")
os.MkdirAll(filepath.Join("/etc/containers/certs.d", server), os.ModePerm)
@@ -113,6 +117,38 @@ var _ = Describe("Podman login and logout", func() {
Expect(session).To(ExitWithError())
})
+ It("podman login and logout without registry parameter", func() {
+ SkipIfRootless()
+
+ registriesConf, err := ioutil.TempFile("", "TestLoginWithoutParameter")
+ Expect(err).To(BeNil())
+ defer registriesConf.Close()
+ defer os.Remove(registriesConf.Name())
+
+ err = ioutil.WriteFile(registriesConf.Name(), []byte(registriesConfWithSearch), os.ModePerm)
+ Expect(err).To(BeNil())
+
+ // Environment is per-process, so this looks very unsafe; actually it seems fine because tests are not
+ // run in parallel unless they opt in by calling t.Parallel(). So don’t do that.
+ oldRCP, hasRCP := os.LookupEnv("REGISTRIES_CONFIG_PATH")
+ defer func() {
+ if hasRCP {
+ os.Setenv("REGISTRIES_CONFIG_PATH", oldRCP)
+ } else {
+ os.Unsetenv("REGISTRIES_CONFIG_PATH")
+ }
+ }()
+ os.Setenv("REGISTRIES_CONFIG_PATH", registriesConf.Name())
+
+ session := podmanTest.Podman([]string{"login", "-u", "podmantest", "-p", "test"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To((Equal(0)))
+
+ session = podmanTest.Podman([]string{"logout"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ })
+
It("podman login and logout with flag --authfile", func() {
SkipIfRootless()
authFile := filepath.Join(podmanTest.TempDir, "auth.json")
diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go
index 2efa36141..e0a10c202 100644
--- a/test/e2e/pod_create_test.go
+++ b/test/e2e/pod_create_test.go
@@ -1,7 +1,9 @@
package integration
import (
+ "fmt"
"os"
+ "strings"
. "github.com/containers/libpod/test/utils"
. "github.com/onsi/ginkgo"
@@ -117,4 +119,167 @@ var _ = Describe("Podman pod create", func() {
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(125))
})
+
+ It("podman create pod with --no-hosts", func() {
+ SkipIfRemote()
+ name := "test"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--no-hosts", "--name", name})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(0))
+
+ alpineResolvConf := podmanTest.Podman([]string{"run", "-ti", "--rm", "--no-hosts", ALPINE, "cat", "/etc/hosts"})
+ alpineResolvConf.WaitWithDefaultTimeout()
+ Expect(alpineResolvConf.ExitCode()).To(Equal(0))
+
+ podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/hosts"})
+ podResolvConf.WaitWithDefaultTimeout()
+ Expect(podResolvConf.ExitCode()).To(Equal(0))
+ Expect(podResolvConf.OutputToString()).To(Equal(alpineResolvConf.OutputToString()))
+ })
+
+ It("podman create pod with --no-hosts and no infra should fail", func() {
+ SkipIfRemote()
+ name := "test"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--no-hosts", "--name", name, "--infra=false"})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(125))
+ })
+
+ It("podman create pod with --add-host", func() {
+ SkipIfRemote()
+ name := "test"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--add-host", "test.example.com:12.34.56.78", "--name", name})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(0))
+
+ podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/hosts"})
+ podResolvConf.WaitWithDefaultTimeout()
+ Expect(podResolvConf.ExitCode()).To(Equal(0))
+ Expect(strings.Contains(podResolvConf.OutputToString(), "12.34.56.78 test.example.com")).To(BeTrue())
+ })
+
+ It("podman create pod with --add-host and no infra should fail", func() {
+ SkipIfRemote()
+ name := "test"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--add-host", "test.example.com:12.34.56.78", "--name", name, "--infra=false"})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(125))
+ })
+
+ It("podman create pod with DNS server set", func() {
+ SkipIfRemote()
+ name := "test"
+ server := "12.34.56.78"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--dns", server, "--name", name})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(0))
+
+ podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/resolv.conf"})
+ podResolvConf.WaitWithDefaultTimeout()
+ Expect(podResolvConf.ExitCode()).To(Equal(0))
+ Expect(strings.Contains(podResolvConf.OutputToString(), fmt.Sprintf("nameserver %s", server))).To(BeTrue())
+ })
+
+ It("podman create pod with DNS server set and no infra should fail", func() {
+ SkipIfRemote()
+ name := "test"
+ server := "12.34.56.78"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--dns", server, "--name", name, "--infra=false"})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(125))
+ })
+
+ It("podman create pod with DNS option set", func() {
+ SkipIfRemote()
+ name := "test"
+ option := "attempts:5"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-opt", option, "--name", name})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(0))
+
+ podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/resolv.conf"})
+ podResolvConf.WaitWithDefaultTimeout()
+ Expect(podResolvConf.ExitCode()).To(Equal(0))
+ Expect(strings.Contains(podResolvConf.OutputToString(), fmt.Sprintf("options %s", option))).To(BeTrue())
+ })
+
+ It("podman create pod with DNS option set and no infra should fail", func() {
+ SkipIfRemote()
+ name := "test"
+ option := "attempts:5"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-opt", option, "--name", name, "--infra=false"})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(125))
+ })
+
+ It("podman create pod with DNS search domain set", func() {
+ SkipIfRemote()
+ name := "test"
+ search := "example.com"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-search", search, "--name", name})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(0))
+
+ podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "cat", "/etc/resolv.conf"})
+ podResolvConf.WaitWithDefaultTimeout()
+ Expect(podResolvConf.ExitCode()).To(Equal(0))
+ Expect(strings.Contains(podResolvConf.OutputToString(), fmt.Sprintf("search %s", search))).To(BeTrue())
+ })
+
+ It("podman create pod with DNS search domain set and no infra should fail", func() {
+ SkipIfRemote()
+ name := "test"
+ search := "example.com"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--dns-search", search, "--name", name, "--infra=false"})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(125))
+ })
+
+ It("podman create pod with IP address", func() {
+ SkipIfRemote()
+ SkipIfRootless()
+ name := "test"
+ ip := GetRandomIPAddress()
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(0))
+
+ podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"})
+ podResolvConf.WaitWithDefaultTimeout()
+ Expect(podResolvConf.ExitCode()).To(Equal(0))
+ Expect(strings.Contains(podResolvConf.OutputToString(), ip)).To(BeTrue())
+ })
+
+ It("podman create pod with IP address and no infra should fail", func() {
+ SkipIfRemote()
+ name := "test"
+ ip := GetRandomIPAddress()
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--ip", ip, "--name", name, "--infra=false"})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(125))
+ })
+
+ It("podman create pod with MAC address", func() {
+ SkipIfRemote()
+ SkipIfRootless()
+ name := "test"
+ mac := "92:d0:c6:0a:29:35"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--mac-address", mac, "--name", name})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(0))
+
+ podResolvConf := podmanTest.Podman([]string{"run", "--pod", name, "-ti", "--rm", ALPINE, "ip", "addr"})
+ podResolvConf.WaitWithDefaultTimeout()
+ Expect(podResolvConf.ExitCode()).To(Equal(0))
+ Expect(strings.Contains(podResolvConf.OutputToString(), mac)).To(BeTrue())
+ })
+
+ It("podman create pod with MAC address and no infra should fail", func() {
+ SkipIfRemote()
+ name := "test"
+ mac := "92:d0:c6:0a:29:35"
+ podCreate := podmanTest.Podman([]string{"pod", "create", "--mac-address", mac, "--name", name, "--infra=false"})
+ podCreate.WaitWithDefaultTimeout()
+ Expect(podCreate.ExitCode()).To(Equal(125))
+ })
})
diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go
index 46c27dc2e..e31338dbc 100644
--- a/test/e2e/run_volume_test.go
+++ b/test/e2e/run_volume_test.go
@@ -15,6 +15,10 @@ import (
"github.com/onsi/gomega/gexec"
)
+var VolumeTrailingSlashDockerfile = `
+FROM alpine:latest
+VOLUME /test/`
+
var _ = Describe("Podman run with volumes", func() {
var (
tempdir string
@@ -421,4 +425,20 @@ var _ = Describe("Podman run with volumes", func() {
Expect(len(outputArr)).To(Equal(1))
Expect(strings.Contains(outputArr[0], fileName)).To(BeTrue())
})
+
+ It("Podman mount over image volume with trailing /", func() {
+ image := "podman-volume-test:trailing"
+ podmanTest.BuildImage(VolumeTrailingSlashDockerfile, image, "false")
+
+ ctrName := "testCtr"
+ create := podmanTest.Podman([]string{"create", "-v", "/tmp:/test", "--name", ctrName, image, "ls"})
+ create.WaitWithDefaultTimeout()
+ Expect(create.ExitCode()).To(Equal(0))
+
+ data := podmanTest.InspectContainer(ctrName)
+ Expect(len(data)).To(Equal(1))
+ Expect(len(data[0].Mounts)).To(Equal(1))
+ Expect(data[0].Mounts[0].Source).To(Equal("/tmp"))
+ Expect(data[0].Mounts[0].Destination).To(Equal("/test"))
+ })
})
diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go
index d88231510..a697831ab 100644
--- a/test/e2e/search_test.go
+++ b/test/e2e/search_test.go
@@ -9,6 +9,7 @@ import (
"os"
"strconv"
"text/template"
+ "time"
. "github.com/containers/libpod/test/utils"
. "github.com/onsi/ginkgo"
@@ -165,8 +166,16 @@ registries = ['{{.Host}}:{{.Port}}']`
})
It("podman search v2 registry with empty query", func() {
- search := podmanTest.Podman([]string{"search", "registry.fedoraproject.org/"})
- search.WaitWithDefaultTimeout()
+ var search *PodmanSessionIntegration
+ for i := 0; i < 5; i++ {
+ search = podmanTest.Podman([]string{"search", "registry.fedoraproject.org/"})
+ search.WaitWithDefaultTimeout()
+ if search.ExitCode() == 0 {
+ break
+ }
+ fmt.Println("Search failed; sleeping & retrying...")
+ time.Sleep(2 * time.Second)
+ }
Expect(search.ExitCode()).To(Equal(0))
Expect(len(search.OutputToStringArray())).To(BeNumerically(">=", 1))
})
diff --git a/test/system/010-images.bats b/test/system/010-images.bats
index 66ef53590..3224c9b42 100644
--- a/test/system/010-images.bats
+++ b/test/system/010-images.bats
@@ -74,4 +74,40 @@ size | [0-9]\\\+
run_podman rm my-container
}
+@test "podman images - filter" {
+ skip_if_remote "podman commit -q is broken in podman-remote"
+
+ run_podman inspect --format '{{.ID}}' $IMAGE
+ iid=$output
+
+ run_podman images --noheading --filter=after=$iid
+ is "$output" "" "baseline: empty results from filter (after)"
+
+ run_podman images --noheading --filter=before=$iid
+ is "$output" "" "baseline: empty results from filter (before)"
+
+ # Create a dummy container, then commit that as an image. We will
+ # now be able to use before/after/since queries
+ run_podman run --name mytinycontainer $IMAGE true
+ run_podman commit -q mytinycontainer mynewimage
+ new_iid=$output
+
+ # (refactor common options for legibility)
+ opts='--noheading --no-trunc --format={{.ID}}--{{.Repository}}:{{.Tag}}'
+
+ run_podman images ${opts} --filter=after=$iid
+ is "$output" "sha256:$new_iid--localhost/mynewimage:latest" "filter: after"
+
+ # Same thing, with 'since' instead of 'after'
+ run_podman images ${opts} --filter=since=$iid
+ is "$output" "sha256:$new_iid--localhost/mynewimage:latest" "filter: since"
+
+ run_podman images ${opts} --filter=before=mynewimage
+ is "$output" "sha256:$iid--$IMAGE" "filter: before"
+
+ # Clean up
+ run_podman rmi mynewimage
+ run_podman rm mytinycontainer
+}
+
# vim: filetype=sh
diff --git a/test/system/150-login.bats b/test/system/150-login.bats
new file mode 100644
index 000000000..e33217e14
--- /dev/null
+++ b/test/system/150-login.bats
@@ -0,0 +1,339 @@
+#!/usr/bin/env bats -*- bats -*-
+#
+# tests for podman login
+#
+
+load helpers
+
+###############################################################################
+# BEGIN one-time envariable setup
+
+# Create a scratch directory; our podman registry will run from here. We
+# also use it for other temporary files like authfiles.
+if [ -z "${PODMAN_LOGIN_WORKDIR}" ]; then
+ export PODMAN_LOGIN_WORKDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-${TMPDIR:-/tmp}} podman_bats_login.XXXXXX)
+fi
+
+# Randomly-generated username and password
+if [ -z "${PODMAN_LOGIN_USER}" ]; then
+ export PODMAN_LOGIN_USER="user$(random_string 4)"
+ export PODMAN_LOGIN_PASS=$(random_string 15)
+fi
+
+# Randomly-assigned port in the 5xxx range
+if [ -z "${PODMAN_LOGIN_REGISTRY_PORT}" ]; then
+ for port in $(shuf -i 5000-5999);do
+ if ! { exec 3<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then
+ export PODMAN_LOGIN_REGISTRY_PORT=$port
+ break
+ fi
+ done
+fi
+
+# Override any user-set path to an auth file
+unset REGISTRY_AUTH_FILE
+
+# END one-time envariable setup
+###############################################################################
+# BEGIN filtering - none of these tests will work with podman-remote
+
+function setup() {
+ skip_if_remote "none of these tests work with podman-remote"
+
+ basic_setup
+}
+
+# END filtering - none of these tests will work with podman-remote
+###############################################################################
+# BEGIN first "test" - start a registry for use by other tests
+#
+# This isn't really a test: it's a helper that starts a local registry.
+# Note that we're careful to use a root/runroot separate from our tests,
+# so setup/teardown don't clobber our registry image.
+#
+
+@test "podman login [start registry]" {
+ AUTHDIR=${PODMAN_LOGIN_WORKDIR}/auth
+ mkdir -p $AUTHDIR
+
+ # Pull registry image, but into a separate container storage
+ mkdir -p ${PODMAN_LOGIN_WORKDIR}/root
+ mkdir -p ${PODMAN_LOGIN_WORKDIR}/runroot
+ PODMAN_LOGIN_ARGS="--root ${PODMAN_LOGIN_WORKDIR}/root --runroot ${PODMAN_LOGIN_WORKDIR}/runroot"
+ # Give it three tries, to compensate for flakes
+ run_podman ${PODMAN_LOGIN_ARGS} pull registry:2 ||
+ run_podman ${PODMAN_LOGIN_ARGS} pull registry:2 ||
+ run_podman ${PODMAN_LOGIN_ARGS} pull registry:2
+
+ # Registry image needs a cert. Self-signed is good enough.
+ CERT=$AUTHDIR/domain.crt
+ if [ ! -e $CERT ]; then
+ openssl req -newkey rsa:4096 -nodes -sha256 \
+ -keyout $AUTHDIR/domain.key -x509 -days 2 \
+ -out $AUTHDIR/domain.crt \
+ -subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=localhost"
+ fi
+
+ # Store credentials where container will see them
+ if [ ! -e $AUTHDIR/htpasswd ]; then
+ run_podman ${PODMAN_LOGIN_ARGS} run --rm \
+ --entrypoint htpasswd registry:2 \
+ -Bbn ${PODMAN_LOGIN_USER} ${PODMAN_LOGIN_PASS} \
+ > $AUTHDIR/htpasswd
+
+ # In case $PODMAN_TEST_KEEP_LOGIN_REGISTRY is set, for testing later
+ echo "${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS}" \
+ > $AUTHDIR/htpasswd-plaintext
+ fi
+
+ # Run the registry container.
+ run_podman '?' ${PODMAN_LOGIN_ARGS} rm -f registry
+ run_podman ${PODMAN_LOGIN_ARGS} run -d \
+ -p ${PODMAN_LOGIN_REGISTRY_PORT}:5000 \
+ --name registry \
+ -v $AUTHDIR:/auth:Z \
+ -e "REGISTRY_AUTH=htpasswd" \
+ -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
+ -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
+ -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
+ -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \
+ registry:2
+}
+
+# END first "test" - start a registry for use by other tests
+###############################################################################
+# BEGIN actual tests
+# BEGIN primary podman login/push/pull tests
+
+@test "podman login - basic test" {
+ run_podman login --tls-verify=false \
+ --username ${PODMAN_LOGIN_USER} \
+ --password-stdin \
+ localhost:${PODMAN_LOGIN_REGISTRY_PORT} <<<"${PODMAN_LOGIN_PASS}"
+ is "$output" "Login Succeeded!" "output from podman login"
+
+ # Now log out
+ run_podman logout localhost:${PODMAN_LOGIN_REGISTRY_PORT}
+ is "$output" "Removed login credentials for localhost:${PODMAN_LOGIN_REGISTRY_PORT}" \
+ "output from podman logout"
+}
+
+@test "podman login - with wrong credentials" {
+ registry=localhost:${PODMAN_LOGIN_REGISTRY_PORT}
+
+ run_podman 125 login --tls-verify=false \
+ --username ${PODMAN_LOGIN_USER} \
+ --password-stdin \
+ $registry <<< "x${PODMAN_LOGIN_PASS}"
+ is "$output" \
+ "Error: error logging into \"$registry\": invalid username/password" \
+ 'output from podman login'
+}
+
+@test "podman login - check generated authfile" {
+ authfile=${PODMAN_LOGIN_WORKDIR}/auth-$(random_string 10).json
+ rm -f $authfile
+
+ registry=localhost:${PODMAN_LOGIN_REGISTRY_PORT}
+
+ run_podman login --authfile=$authfile \
+ --tls-verify=false \
+ --username ${PODMAN_LOGIN_USER} \
+ --password ${PODMAN_LOGIN_PASS} \
+ $registry
+
+ # Confirm that authfile now exists
+ test -e $authfile || \
+ die "podman login did not create authfile $authfile"
+
+ # Special bracket form needed because of colon in host:port
+ run jq -r ".[\"auths\"][\"$registry\"][\"auth\"]" <$authfile
+ is "$status" "0" "jq from $authfile"
+
+ expect_userpass="${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS}"
+ actual_userpass=$(base64 -d <<<"$output")
+ is "$actual_userpass" "$expect_userpass" "credentials stored in $authfile"
+
+
+ # Now log out and make sure credentials are removed
+ run_podman logout --authfile=$authfile $registry
+
+ run jq -r '.auths' <$authfile
+ is "$status" "0" "jq from $authfile"
+ is "$output" "{}" "credentials removed from $authfile"
+}
+
+# Some push tests
+@test "podman push fail" {
+ # Create an invalid authfile
+ authfile=${PODMAN_LOGIN_WORKDIR}/auth-$(random_string 10).json
+ rm -f $authfile
+
+ wrong_auth=$(base64 <<<"baduser:wrongpassword")
+ cat >$authfile <<EOF
+{
+ "auths": {
+ "localhost:${PODMAN_LOGIN_REGISTRY_PORT}": {
+ "auth": "$wrong_auth"
+ }
+ }
+}
+EOF
+
+ run_podman 125 push --authfile=$authfile \
+ --tls-verify=false $IMAGE \
+ localhost:${PODMAN_LOGIN_REGISTRY_PORT}/badpush:1
+ is "$output" ".*: unauthorized: authentication required" \
+ "auth error on push"
+}
+
+@test "podman push ok" {
+ # ARGH! We can't push $IMAGE (alpine_labels) to this registry; error is:
+ #
+ # Writing manifest to image destination
+ # Error: Error copying image to the remote destination: Error writing manifest: Error uploading manifest latest to localhost:${PODMAN_LOGIN_REGISTRY_PORT}/okpush: received unexpected HTTP status: 500 Internal Server Error
+ #
+ # Root cause: something to do with v1/v2 s1/s2:
+ #
+ # https://github.com/containers/skopeo/issues/651
+ #
+ run_podman pull busybox
+
+ # Preserve its ID for later comparison against push/pulled image
+ run_podman inspect --format '{{.Id}}' busybox
+ id_busybox=$output
+
+ destname=ok-$(random_string 10 | tr A-Z a-z)-ok
+ # Use command-line credentials
+ run_podman push --tls-verify=false \
+ --creds ${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS} \
+ busybox localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname
+
+ # Yay! Pull it back
+ run_podman pull --tls-verify=false \
+ --creds ${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS} \
+ localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname
+
+ # Compare to original busybox
+ run_podman inspect --format '{{.Id}}' $destname
+ is "$output" "$id_busybox" "Image ID of pulled image == busybox"
+
+ run_podman rmi busybox $destname
+}
+
+# END primary podman login/push/pull tests
+###############################################################################
+# BEGIN cooperation with skopeo
+
+# Skopeo helper - keep this separate, so we can test with different
+# envariable settings
+function _test_skopeo_credential_sharing() {
+ if ! type -p skopeo; then
+ skip "skopeo not available"
+ fi
+
+ registry=localhost:${PODMAN_LOGIN_REGISTRY_PORT}
+
+ run_podman login "$@" --tls-verify=false \
+ --username ${PODMAN_LOGIN_USER} \
+ --password ${PODMAN_LOGIN_PASS} \
+ $registry
+
+ destname=skopeo-ok-$(random_string 10 | tr A-Z a-z)-ok
+ echo "# skopeo copy ..."
+ run skopeo copy "$@" \
+ --format=v2s2 \
+ --dest-tls-verify=false \
+ containers-storage:$IMAGE \
+ docker://$registry/$destname
+ echo "$output"
+ is "$status" "0" "skopeo copy - exit status"
+ is "$output" ".*Copying blob .*" "output of skopeo copy"
+ is "$output" ".*Copying config .*" "output of skopeo copy"
+ is "$output" ".*Writing manifest .*" "output of skopeo copy"
+
+ echo "# skopeo inspect ..."
+ run skopeo inspect "$@" --tls-verify=false docker://$registry/$destname
+ echo "$output"
+ is "$status" "0" "skopeo inspect - exit status"
+
+ got_name=$(jq -r .Name <<<"$output")
+ is "$got_name" "$registry/$dest_name" "skopeo inspect -> Name"
+
+ # Now try without a valid login; it should fail
+ run_podman logout "$@" $registry
+ echo "# skopeo inspect [with no credentials] ..."
+ run skopeo inspect "$@" --tls-verify=false docker://$registry/$destname
+ echo "$output"
+ is "$status" "1" "skopeo inspect - exit status"
+ is "$output" ".*: unauthorized: authentication required" \
+ "auth error on skopeo inspect"
+}
+
+@test "podman login - shares credentials with skopeo - default auth file" {
+ if is_rootless; then
+ if [ -z "${XDG_RUNTIME_DIR}" ]; then
+ skip "skopeo does not match podman when XDG_RUNTIME_DIR unset; #823"
+ fi
+ fi
+ _test_skopeo_credential_sharing
+}
+
+@test "podman login - shares credentials with skopeo - via envariable" {
+ skip "skopeo does not yet support REGISTRY_AUTH_FILE; #822"
+ authfile=${PODMAN_LOGIN_WORKDIR}/auth-$(random_string 10).json
+ rm -f $authfile
+
+ REGISTRY_AUTH_FILE=$authfile _test_skopeo_credential_sharing
+ rm -f $authfile
+}
+
+@test "podman login - shares credentials with skopeo - via --authfile" {
+ # Also test that command-line --authfile overrides envariable
+ authfile=${PODMAN_LOGIN_WORKDIR}/auth-$(random_string 10).json
+ rm -f $authfile
+
+ fake_authfile=${PODMAN_LOGIN_WORKDIR}/auth-$(random_string 10).json
+ rm -f $fake_authfile
+
+ REGISTRY_AUTH_FILE=$authfile _test_skopeo_credential_sharing --authfile=$authfile
+
+ if [ -e $fake_authfile ]; then
+ die "REGISTRY_AUTH_FILE overrode command-line --authfile!"
+ fi
+ rm -f $authfile
+}
+
+# END cooperation with skopeo
+# END actual tests
+###############################################################################
+# BEGIN teardown (remove the registry container)
+
+@test "podman login [stop registry, clean up]" {
+ # For manual debugging; user may request keeping the registry running
+ if [ -n "${PODMAN_TEST_KEEP_LOGIN_REGISTRY}" ]; then
+ skip "[leaving registry running by request]"
+ fi
+
+ run_podman --root ${PODMAN_LOGIN_WORKDIR}/root \
+ --runroot ${PODMAN_LOGIN_WORKDIR}/runroot \
+ rm -f registry
+ run_podman --root ${PODMAN_LOGIN_WORKDIR}/root \
+ --runroot ${PODMAN_LOGIN_WORKDIR}/runroot \
+ rmi -a
+
+ # By default, clean up
+ if [ -z "${PODMAN_TEST_KEEP_LOGIN_WORKDIR}" ]; then
+ rm -rf ${PODMAN_LOGIN_WORKDIR}
+ fi
+
+ # Make sure socket is closed
+ if { exec 3<> /dev/tcp/127.0.0.1/${PODMAN_LOGIN_REGISTRY_PORT}; } &>/dev/null; then
+ die "Socket still seems open"
+ fi
+}
+
+# END teardown (remove the registry container)
+###############################################################################
+
+# vim: filetype=sh