Merge pull request #9669 from edsantiago/apiv2_registry

apiv2 tests: add helpers to start/stop a local registry
This commit is contained in:
OpenShift Merge Robot 2021-03-10 10:10:48 +01:00 committed by GitHub
commit d98b55f03b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 138 additions and 6 deletions

29
test/apiv2/60-auth.at Normal file
View File

@ -0,0 +1,29 @@
# -*- sh -*-
#
# registry-related tests
#
start_registry
# FIXME FIXME FIXME: remove the 'if false' for use with PR 9589
if false; then
# FIXME FIXME: please forgive the horrible POST params format; I have an
# upcoming PR which should fix that.
# Test with wrong password. Confirm bad status and appropriate error message
t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"WrOnGPassWord\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \
400 \
.Status~'.* invalid username/password'
# Test with the right password. Confirm status message and reasonable token
t POST /v1.40/auth "\"username\":\"${REGISTRY_USERNAME}\",\"password\":\"${REGISTRY_PASSWORD}\",\"serveraddress\":\"localhost:$REGISTRY_PORT/\"" \
200 \
.Status="Login Succeeded" \
.IdentityToken~[a-zA-Z0-9]
# FIXME: now what? Try something-something using that token?
token=$(jq -r .IdentityToken <<<"$output")
# ...
fi # FIXME FIXME FIXME: remove when working

View File

@ -17,6 +17,8 @@ PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODM
IMAGE=$PODMAN_TEST_IMAGE_FQN
REGISTRY_IMAGE="${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/registry:2.7"
# END stuff you can but probably shouldn't customize
###############################################################################
# BEGIN setup
@ -313,13 +315,115 @@ function start_service() {
die "Cannot start service on non-localhost ($HOST)"
fi
$PODMAN_BIN --root $WORKDIR system service --time 15 tcp:127.0.0.1:$PORT \
$PODMAN_BIN --root $WORKDIR/server_root system service \
--time 15 \
tcp:127.0.0.1:$PORT \
&> $WORKDIR/server.log &
service_pid=$!
wait_for_port $HOST $PORT
}
function stop_service() {
# Stop the server
if [[ -n $service_pid ]]; then
kill $service_pid
wait $service_pid
fi
}
####################
# start_registry # Run a local registry
####################
REGISTRY_PORT=
REGISTRY_USERNAME=
REGISTRY_PASSWORD=
function start_registry() {
# We can be invoked multiple times, e.g. from different subtests, but
# let's assume that once started we only kill it at the end of tests.
if [[ -n "$REGISTRY_PORT" ]]; then
return
fi
REGISTRY_PORT=$(random_port)
REGISTRY_USERNAME=u$(random_string 7)
REGISTRY_PASSWORD=p$(random_string 7)
local REGDIR=$WORKDIR/registry
local AUTHDIR=$REGDIR/auth
mkdir -p $AUTHDIR
mkdir -p ${REGDIR}/{root,runroot}
local PODMAN_REGISTRY_ARGS="--root ${REGDIR}/root --runroot ${REGDIR}/runroot"
# Give it three tries, to compensate for network flakes
podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE ||
podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE ||
podman ${PODMAN_REGISTRY_ARGS} pull $REGISTRY_IMAGE
# Create a local cert and credentials
# FIXME: is there a hidden "--quiet" flag? This is too noisy.
openssl req -newkey rsa:4096 -nodes -sha256 \
-keyout $AUTHDIR/domain.key -x509 -days 2 \
-out $AUTHDIR/domain.crt \
-subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
-addext subjectAltName=DNS:localhost
htpasswd -Bbn ${REGISTRY_USERNAME} ${REGISTRY_PASSWORD} \
> $AUTHDIR/htpasswd
# Run the registry, and wait for it to come up
podman ${PODMAN_REGISTRY_ARGS} run -d \
-p ${REGISTRY_PORT}:5000 \
--name registry \
-v $AUTHDIR:/auth:Z \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \
${REGISTRY_IMAGE}
wait_for_port localhost $REGISTRY_PORT
}
function stop_registry() {
local REGDIR=${WORKDIR}/registry
if [[ -d $REGDIR ]]; then
local OPTS="--root ${REGDIR}/root --runroot ${REGDIR}/runroot"
podman $OPTS stop -f -t 0 -a
# rm/rmi are important when running rootless: without them we
# get EPERMS in tmpdir cleanup because files are owned by subuids.
podman $OPTS rm -f -a
podman $OPTS rmi -f -a
fi
}
#################
# random_port # Random open port; arg is range (min-max), default 5000-5999
#################
function random_port() {
local range=${1:-5000-5999}
local port
for port in $(shuf -i ${range}); do
if ! { exec 5<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then
echo $port
return
fi
done
die "Could not find open port in range $range"
}
###################
# random_string # Pseudorandom alphanumeric string of given length
###################
function random_string() {
local length=${1:-10}
head /dev/urandom | tr -dc a-zA-Z0-9 | head -c$length
}
###################
# wait_for_port # Returns once port is available on host
###################
@ -342,7 +446,7 @@ function wait_for_port() {
############
function podman() {
echo "\$ $PODMAN_BIN $*" >>$WORKDIR/output.log
$PODMAN_BIN --root $WORKDIR "$@" >>$WORKDIR/output.log 2>&1
$PODMAN_BIN --root $WORKDIR/server_root "$@" >>$WORKDIR/output.log 2>&1
}
####################
@ -412,9 +516,8 @@ if [ -n "$service_pid" ]; then
podman rm -a
podman rmi -af
# Stop the server
kill $service_pid
wait $service_pid
stop_registry
stop_service
fi
test_count=$(<$testcounter_file)