Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

apiv2 tests: add helpers to start/stop a local registry #9669

Merged
merged 1 commit into from
Mar 10, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 29 additions & 0 deletions test/apiv2/60-auth.at
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# -*- sh -*-
#
# registry-related tests
#

start_registry

# FIXME FIXME FIXME: remove the 'if false' for use with PR 9589
if false; then

# FIXME FIXME: please forgive the horrible POST params format; I have an
# upcoming PR which should fix that.

# Test with wrong password. Confirm bad status and appropriate error message
t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"WrOnGPassWord\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \
400 \
.Status~'.* invalid username/password'

# Test with the right password. Confirm status message and reasonable token
t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"${REGISTRY_PASSWORD}\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \
200 \
.Status="Login Succeeded" \
.IdentityToken~[a-zA-Z0-9]

# FIXME: now what? Try something-something using that token?
token=$(jq -r .IdentityToken <<<"$output")
# ...

fi # FIXME FIXME FIXME: remove when working
115 changes: 109 additions & 6 deletions test/apiv2/test-apiv2
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODM

IMAGE=$PODMAN_TEST_IMAGE_FQN

REGISTRY_IMAGE="${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/registry:2.7"

# END stuff you can but probably shouldn't customize
###############################################################################
# BEGIN setup
Expand Down Expand Up @@ -313,13 +315,115 @@ function start_service() {
die "Cannot start service on non-localhost ($HOST)"
fi

$PODMAN_BIN --root $WORKDIR system service --time 15 tcp:127.0.0.1:$PORT \
$PODMAN_BIN --root $WORKDIR/server_root system service \
--time 15 \
tcp:127.0.0.1:$PORT \
&> $WORKDIR/server.log &
service_pid=$!

wait_for_port $HOST $PORT
}

function stop_service() {
# Stop the server
if [[ -n $service_pid ]]; then
kill $service_pid
wait $service_pid
fi
}

####################
# start_registry # Run a local registry
####################
REGISTRY_PORT=
REGISTRY_USERNAME=
REGISTRY_PASSWORD=
function start_registry() {
# We can be invoked multiple times, e.g. from different subtests, but
# let's assume that once started we only kill it at the end of tests.
if [[ -n "$REGISTRY_PORT" ]]; then
return
fi

REGISTRY_PORT=$(random_port)
REGISTRY_USERNAME=u$(random_string 7)
REGISTRY_PASSWORD=p$(random_string 7)

local REGDIR=$WORKDIR/registry
local AUTHDIR=$REGDIR/auth
mkdir -p $AUTHDIR

mkdir -p ${REGDIR}/{root,runroot}
local PODMAN_REGISTRY_ARGS="--root ${REGDIR}/root --runroot ${REGDIR}/runroot"

# Give it three tries, to compensate for network flakes
podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE ||
podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE ||
podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE

# Create a local cert and credentials
# FIXME: is there a hidden "--quiet" flag? This is too noisy.
openssl req -newkey rsa:4096 -nodes -sha256 \
-keyout $AUTHDIR/domain.key -x509 -days 2 \
-out $AUTHDIR/domain.crt \
-subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
-addext subjectAltName=DNS:localhost
htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} \
> $AUTHDIR/htpasswd

# Run the registry, and wait for it to come up
podman ${PODMAN_REGISTRY_ARGS} run -d \
-p ${REGISTRY_PORT}:5000 \
--name registry \
-v $AUTHDIR:/auth:Z \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \
${REGISTRY_IMAGE}

wait_for_port localhost $REGISTRY_PORT
}

function stop_registry() {
local REGDIR=${WORKDIR}/registry
if [[ -d $REGDIR ]]; then
local OPTS="--root ${REGDIR}/root --runroot ${REGDIR}/runroot"
podman $OPTS stop -f -t 0 -a

# rm/rmi are important when running rootless: without them we
# get EPERMS in tmpdir cleanup because files are owned by subuids.
podman $OPTS rm -f -a
podman $OPTS rmi -f -a
fi
}

#################
# random_port # Random open port; arg is range (min-max), default 5000-5999
#################
function random_port() {
local range=${1:-5000-5999}

local port
for port in $(shuf -i ${range}); do
if ! { exec 5<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then
echo $port
return
fi
done

die "Could not find open port in range $range"
}

###################
# random_string # Pseudorandom alphanumeric string of given length
###################
function random_string() {
local length=${1:-10}
head /dev/urandom | tr -dc a-zA-Z0-9 | head -c$length
}

###################
# wait_for_port # Returns once port is available on host
###################
Expand All @@ -341,8 +445,8 @@ function wait_for_port() {
# podman # Needed by some test scripts to invoke the actual podman binary
############
function podman() {
echo "\$ $PODMAN_BIN $*" >>$WORKDIR/output.log
$PODMAN_BIN --root $WORKDIR "$@" >>$WORKDIR/output.log 2>&1
echo "\$ $PODMAN_BIN $*" >>$WORKDIR/output.log
$PODMAN_BIN --root $WORKDIR/server_root "$@" >>$WORKDIR/output.log 2>&1
}

####################
Expand Down Expand Up @@ -412,9 +516,8 @@ if [ -n "$service_pid" ]; then
podman rm -a
podman rmi -af

# Stop the server
kill $service_pid
wait $service_pid
stop_registry
stop_service
fi

test_count=$(<$testcounter_file)
Expand Down