From 9251b6c8cfaa5db738212c467c79f8c3aceb5b7d Mon Sep 17 00:00:00 2001
From: troyready <troy@troyready.com>
Date: Tue, 2 Mar 2021 18:12:29 -0800
Subject: add /auth for docker compatibility

This endpoint just validates credentials:
https://github.com/moby/moby/blob/v20.10.4/api/swagger.yaml#L7936-L7977

Fixes: #9564
Signed-off-by: troyready <troy@troyready.com>
---
 test/apiv2/rest_api/test_rest_v2_0_0.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

(limited to 'test/apiv2')

diff --git a/test/apiv2/rest_api/test_rest_v2_0_0.py b/test/apiv2/rest_api/test_rest_v2_0_0.py
index c0b61ea85..062cf9386 100644
--- a/test/apiv2/rest_api/test_rest_v2_0_0.py
+++ b/test/apiv2/rest_api/test_rest_v2_0_0.py
@@ -555,16 +555,17 @@ class TestApi(unittest.TestCase):
         self.assertIn(name, payload["VolumesDeleted"])
         self.assertGreater(payload["SpaceReclaimed"], 0)
 
-    def test_auth_compat(self):
-        r = requests.post(
-            PODMAN_URL + "/v1.40/auth",
-            json={
-                "username": "bozo",
-                "password": "wedontneednopasswords",
-                "serveraddress": "https://localhost/v1.40/",
-            },
-        )
-        self.assertEqual(r.status_code, 404, r.content)
+    # TBD: how to test auth endpoint (which in turn requires a docker registry to connect to)
+    # def test_auth_compat(self):
+    #     r = requests.post(
+    #         PODMAN_URL + "/v1.40/auth",
+    #         json={
+    #             "username": "bozo",
+    #             "password": "wedontneednopasswords",
+    #             "serveraddress": "https://localhost/v1.40/",
+    #         },
+    #     )
+    #     self.assertEqual(r.status_code, 404, r.content)
 
     def test_version(self):
         r = requests.get(PODMAN_URL + "/v1.40/version")
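Review bot: The commented-out `test_auth_compat` still asserts a 404 from `/v1.40/auth`, which contradicts the endpoint this commit says it adds, and commented-out code leaves no trace in the test report. A skip decorator keeps the gap visible, e.g. `@unittest.skip("needs a registry to authenticate against")` above the original `def test_auth_compat(self):`, with the expected status updated once a registry fixture exists. As written, the credential-validation path has no coverage in this file.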
-- 
cgit v1.2.3-54-g00ecf


From 955aaccc55218cd0022a1180df4c15bb27674a8f Mon Sep 17 00:00:00 2001
From: troyready <troy@troyready.com>
Date: Wed, 10 Mar 2021 19:16:03 -0800
Subject: fix use with localhost (testing)

Signed-off-by: troyready <troy@troyready.com>
---
 pkg/api/handlers/compat/auth.go         | 12 ++++++++++--
 test/apiv2/60-auth.at                   | 24 +++++++++---------------
 test/apiv2/rest_api/test_rest_v2_0_0.py | 12 ------------
 3 files changed, 19 insertions(+), 29 deletions(-)

(limited to 'test/apiv2')

diff --git a/pkg/api/handlers/compat/auth.go b/pkg/api/handlers/compat/auth.go
index e914301f4..2c152fbc2 100644
--- a/pkg/api/handlers/compat/auth.go
+++ b/pkg/api/handlers/compat/auth.go
@@ -16,6 +16,13 @@ import (
 	"github.com/pkg/errors"
 )
 
+func stripAddressOfScheme(address string) string {
+	for _, s := range []string{"https", "http"} {
+		address = strings.TrimPrefix(address, s+"://")
+	}
+	return address
+}
+
 func Auth(w http.ResponseWriter, r *http.Request) {
 	var authConfig docker.AuthConfig
 	err := json.NewDecoder(r.Body).Decode(&authConfig)
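Review bot: stripAddressOfScheme has no doc comment, and its loop applies both TrimPrefix calls in sequence, so an input such as `https://http://host` loses two prefixes, while a mixed-case scheme like `HTTPS://` is left intact and passed to the registry client unchanged. Returning on the first match makes the intent explicit: `if strings.HasPrefix(address, s+"://") { return strings.TrimPrefix(address, s+"://") }`. The helper also leaves any path or trailing slash in place, which is worth stating in the comment, e.g. `// stripAddressOfScheme removes one leading "https://" or "http://" from address; any path or trailing slash is kept.` Whether CheckAuth accepts the remaining `host:port/` form cannot be told from this hunk.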
@@ -25,7 +32,7 @@ func Auth(w http.ResponseWriter, r *http.Request) {
 	}
 
 	skipTLS := types.NewOptionalBool(false)
-	if strings.HasPrefix(authConfig.ServerAddress, "http://localhost/") || strings.HasPrefix(authConfig.ServerAddress, "http://localhost:") {
+	if strings.HasPrefix(authConfig.ServerAddress, "https://localhost/") || strings.HasPrefix(authConfig.ServerAddress, "https://localhost:") || strings.HasPrefix(authConfig.ServerAddress, "localhost:") {
 		// support for local testing
 		skipTLS = types.NewOptionalBool(true)
 	}
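Review bot: The decision to disable TLS verification rests on a string-prefix match against the client-supplied `ServerAddress`, and a prefix such as `localhost:` or `https://localhost:` does not establish that the host actually contacted is the loopback name. The check also runs on the raw value while CheckAuth later receives the scheme-stripped one, so the two can disagree, and `http://localhost…` and a bare `localhost/` no longer match. Deriving the host from the same stripped value and comparing it exactly keeps verification on for everything except a literal `localhost` host. The sketch below needs the `net` package imported and would replace the later `registry :=` line; Auth's body continues outside this hunk.

```go
// … unchanged: decoding of authConfig …
registry := stripAddressOfScheme(authConfig.ServerAddress)
hostport := strings.SplitN(registry, "/", 2)[0]
host, _, splitErr := net.SplitHostPort(hostport)
if splitErr != nil {
	host = hostport // no port in the address
}
// support for local testing: only an exact "localhost" host skips verification
skipTLS := types.NewOptionalBool(host == "localhost")
```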
@@ -37,7 +44,8 @@ func Auth(w http.ResponseWriter, r *http.Request) {
 		DockerInsecureSkipTLSVerify: skipTLS,
 		SystemRegistriesConfPath:    registries.SystemRegistriesConfPath(),
 	}
-	if err := DockerClient.CheckAuth(context.Background(), &sysCtx, authConfig.Username, authConfig.Password, authConfig.ServerAddress); err == nil {
+	registry := stripAddressOfScheme(authConfig.ServerAddress)
+	if err := DockerClient.CheckAuth(context.Background(), &sysCtx, authConfig.Username, authConfig.Password, registry); err == nil {
 		utils.WriteResponse(w, http.StatusOK, entities.AuthReport{
 			IdentityToken: "",
 			Status:        "Login Succeeded",
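Review bot: The CheckAuth call on the changed line still passes `context.Background()`, so a client that disconnects or times out does not cancel the outbound registry request made on its behalf. Using the request's context ties the two together: `DockerClient.CheckAuth(r.Context(), &sysCtx, authConfig.Username, authConfig.Password, registry)`. The failure branch of this `if` is outside the hunk, so how errors are reported back cannot be reviewed here.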
diff --git a/test/apiv2/60-auth.at b/test/apiv2/60-auth.at
index 378955cd7..cfde519c1 100644
--- a/test/apiv2/60-auth.at
+++ b/test/apiv2/60-auth.at
@@ -5,25 +5,19 @@
 
 start_registry
 
-# FIXME FIXME FIXME: remove the 'if false' for use with PR 9589
-if false; then
-
-# FIXME FIXME: please forgive the horrible POST params format; I have an
-#              upcoming PR which should fix that.
-
 # Test with wrong password. Confirm bad status and appropriate error message
-t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"WrOnGPassWord\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \
+t POST /v1.40/auth username=$REGISTRY_USERNAME password=WrOnGPassWord serveraddress=localhost:$REGISTRY_PORT/ \
   400 \
   .Status~'.* invalid username/password'
 
-# Test with the right password. Confirm status message and reasonable token
-t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"${REGISTRY_PASSWORD}\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \
+# Test with the right password. Confirm status message
+t POST /v1.40/auth username=$REGISTRY_USERNAME password=$REGISTRY_PASSWORD serveraddress=localhost:$REGISTRY_PORT/ \
   200 \
   .Status="Login Succeeded" \
-  .IdentityToken~[a-zA-Z0-9]
-
-# FIXME: now what? Try something-something using that token?
-token=$(jq -r .IdentityToken <<<"$output")
-# ...
+  .IdentityToken=""
 
-fi    # FIXME FIXME FIXME: remove when working
+# Same test with url scheme provided
+t POST /v1.40/auth username=$REGISTRY_USERNAME password=$REGISTRY_PASSWORD serveraddress=https://localhost:$REGISTRY_PORT/ \
+  200 \
+  .Status="Login Succeeded" \
+  .IdentityToken=""
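Review bot: The new `t POST` lines expand `$REGISTRY_USERNAME`, `$REGISTRY_PASSWORD` and `$REGISTRY_PORT` unquoted, so a credential containing whitespace or glob characters would be split or expanded before `t` sees it; quoting each argument avoids that, e.g. `password="$REGISTRY_PASSWORD"`. The added scheme case only covers `https://` with the right password. A matching wrong-password case with the scheme, and one with `http://`, would pin the behaviour of the prefix handling in auth.go.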
diff --git a/test/apiv2/rest_api/test_rest_v2_0_0.py b/test/apiv2/rest_api/test_rest_v2_0_0.py
index 062cf9386..d7910f555 100644
--- a/test/apiv2/rest_api/test_rest_v2_0_0.py
+++ b/test/apiv2/rest_api/test_rest_v2_0_0.py
@@ -555,18 +555,6 @@ class TestApi(unittest.TestCase):
         self.assertIn(name, payload["VolumesDeleted"])
         self.assertGreater(payload["SpaceReclaimed"], 0)
 
-    # TBD: how to test auth endpoint (which in turn requires a docker registry to connect to)
-    # def test_auth_compat(self):
-    #     r = requests.post(
-    #         PODMAN_URL + "/v1.40/auth",
-    #         json={
-    #             "username": "bozo",
-    #             "password": "wedontneednopasswords",
-    #             "serveraddress": "https://localhost/v1.40/",
-    #         },
-    #     )
-    #     self.assertEqual(r.status_code, 404, r.content)
-
     def test_version(self):
         r = requests.get(PODMAN_URL + "/v1.40/version")
         self.assertEqual(r.status_code, 200, r.content)
-- 
cgit v1.2.3-54-g00ecf