226 lines
9.3 KiB
Go
226 lines
9.3 KiB
Go
package docker
|
|
|
|
import (
|
|
"bufio"
|
|
"bytes"
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/docker/distribution/registry/api/errcode"
|
|
v2 "github.com/docker/distribution/registry/api/v2"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
// NOTE: This test records expected text strings, but NEITHER the returned error types
|
|
// NOR the error texts are an API commitment subject to API stability expectations;
|
|
// they can change at any time for any reason.
|
|
func TestRegistryHTTPResponseToError(t *testing.T) {
|
|
var unwrappedUnexpectedHTTPResponseError *unexpectedHTTPResponseError
|
|
var unwrappedErrcodeError errcode.Error
|
|
for _, c := range []struct {
|
|
name string
|
|
response string
|
|
errorString string
|
|
errorType any // A value of the same type as the expected error, or nil
|
|
unwrappedErrorPtr any // A pointer to a value expected to be reachable using errors.As, or nil
|
|
errorCode *errcode.ErrorCode // A matching ErrorCode, or nil
|
|
fn func(t *testing.T, err error) // A more specialized test, or nil
|
|
}{
|
|
{
|
|
name: "HTTP status out of registry error range",
|
|
response: "HTTP/1.1 333 HTTP status out of range\r\n" +
|
|
"Header1: Value1\r\n" +
|
|
"\r\n" +
|
|
"Body of the request\r\n",
|
|
errorString: "received unexpected HTTP status: 333 HTTP status out of range",
|
|
errorType: UnexpectedHTTPStatusError{},
|
|
fn: func(t *testing.T, err error) {
|
|
expected := err.(UnexpectedHTTPStatusError)
|
|
assert.Equal(t, 333, expected.StatusCode)
|
|
},
|
|
},
|
|
{
|
|
name: "HTTP body not in expected format",
|
|
response: "HTTP/1.1 400 I don't like this request\r\n" +
|
|
"Header1: Value1\r\n" +
|
|
"\r\n" +
|
|
"<html><body>JSON? What JSON?</body></html>\r\n",
|
|
errorString: `StatusCode: 400, "<html><body>JSON? What JSON?</body></html>\r\n"`,
|
|
errorType: nil,
|
|
unwrappedErrorPtr: &unwrappedUnexpectedHTTPResponseError,
|
|
},
|
|
{
|
|
name: "401 body not in expected format",
|
|
response: "HTTP/1.1 401 I don't like this request\r\n" +
|
|
"Header1: Value1\r\n" +
|
|
"\r\n" +
|
|
"<html><body>JSON? What JSON?</body></html>\r\n",
|
|
errorString: "authentication required",
|
|
errorType: nil,
|
|
unwrappedErrorPtr: &unwrappedErrcodeError,
|
|
errorCode: &errcode.ErrorCodeUnauthorized,
|
|
},
|
|
{ // docker.io when an image is not found
|
|
name: "GET https://registry-1.docker.io/v2/library/this-does-not-exist/manifests/latest",
|
|
response: "HTTP/1.1 401 Unauthorized\r\n" +
|
|
"Connection: close\r\n" +
|
|
"Content-Length: 170\r\n" +
|
|
"Content-Type: application/json\r\n" +
|
|
"Date: Thu, 12 Aug 2021 20:11:01 GMT\r\n" +
|
|
"Docker-Distribution-Api-Version: registry/2.0\r\n" +
|
|
"Strict-Transport-Security: max-age=31536000\r\n" +
|
|
"Www-Authenticate: Bearer realm=\"https://auth.docker.io/token\",service=\"registry.docker.io\",scope=\"repository:library/this-does-not-exist:pull\",error=\"insufficient_scope\"\r\n" +
|
|
"\r\n" +
|
|
"{\"errors\":[{\"code\":\"UNAUTHORIZED\",\"message\":\"authentication required\",\"detail\":[{\"Type\":\"repository\",\"Class\":\"\",\"Name\":\"library/this-does-not-exist\",\"Action\":\"pull\"}]}]}\n",
|
|
errorString: "requested access to the resource is denied",
|
|
errorType: nil,
|
|
unwrappedErrorPtr: &unwrappedErrcodeError,
|
|
errorCode: &errcode.ErrorCodeDenied,
|
|
},
|
|
{ // docker.io when a tag is not found
|
|
name: "GET https://registry-1.docker.io/v2/library/busybox/manifests/this-does-not-exist",
|
|
response: "HTTP/1.1 404 Not Found\r\n" +
|
|
"Connection: close\r\n" +
|
|
"Content-Length: 109\r\n" +
|
|
"Content-Type: application/json\r\n" +
|
|
"Date: Thu, 12 Aug 2021 20:51:32 GMT\r\n" +
|
|
"Docker-Distribution-Api-Version: registry/2.0\r\n" +
|
|
"Ratelimit-Limit: 100;w=21600\r\n" +
|
|
"Ratelimit-Remaining: 100;w=21600\r\n" +
|
|
"Strict-Transport-Security: max-age=31536000\r\n" +
|
|
"\r\n" +
|
|
"{\"errors\":[{\"code\":\"MANIFEST_UNKNOWN\",\"message\":\"manifest unknown\",\"detail\":{\"Tag\":\"this-does-not-exist\"}}]}\n",
|
|
errorString: "manifest unknown",
|
|
errorType: nil,
|
|
unwrappedErrorPtr: &unwrappedErrcodeError,
|
|
errorCode: &v2.ErrorCodeManifestUnknown,
|
|
},
|
|
{ // public.ecr.aws does not implement tag list
|
|
name: "GET https://public.ecr.aws/v2/nginx/nginx/tags/list",
|
|
response: "HTTP/1.1 404 Not Found\r\n" +
|
|
"Connection: close\r\n" +
|
|
"Content-Length: 65\r\n" +
|
|
"Content-Type: application/json; charset=utf-8\r\n" +
|
|
"Date: Tue, 06 Sep 2022 21:19:02 GMT\r\n" +
|
|
"Docker-Distribution-Api-Version: registry/2.0\r\n" +
|
|
"\r\n" +
|
|
"{\"errors\":[{\"code\":\"NOT_FOUND\",\"message\":\"404 page not found\"}]}\r\n",
|
|
errorString: "unknown: 404 page not found",
|
|
errorType: nil,
|
|
unwrappedErrorPtr: &unwrappedErrcodeError,
|
|
errorCode: &errcode.ErrorCodeUnknown,
|
|
fn: func(t *testing.T, err error) {
|
|
var e errcode.Error
|
|
require.ErrorAs(t, err, &e)
|
|
// Note: (skopeo inspect) is checking for this errcode.Error value
|
|
assert.Equal(t, errcode.Error{
|
|
Code: errcode.ErrorCodeUnknown, // The NOT_FOUND value is not defined, and turns into Unknown
|
|
Message: "404 page not found",
|
|
Detail: nil,
|
|
}, e)
|
|
},
|
|
},
|
|
{ // registry.redhat.io is not compliant, variant 1: invalid "code" value
|
|
name: "registry.redhat.io/v2/this-does-not-exist/manifests/latest",
|
|
response: "HTTP/1.1 404 Not Found\r\n" +
|
|
"Connection: close\r\n" +
|
|
"Content-Length: 53\r\n" +
|
|
"Cache-Control: max-age=0, no-cache, no-store\r\n" +
|
|
"Content-Type: application/json\r\n" +
|
|
"Date: Thu, 13 Oct 2022 18:15:15 GMT\r\n" +
|
|
"Expires: Thu, 13 Oct 2022 18:15:15 GMT\r\n" +
|
|
"Pragma: no-cache\r\n" +
|
|
"Server: Apache\r\n" +
|
|
"Strict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\n" +
|
|
"X-Hostname: crane-tbr06.cran-001.prod.iad2.dc.redhat.com\r\n" +
|
|
"\r\n" +
|
|
"{\"errors\": [{\"code\": \"404\", \"message\": \"Not Found\"}]}\r\n",
|
|
errorString: "unknown: Not Found",
|
|
errorType: errcode.Error{},
|
|
unwrappedErrorPtr: &unwrappedErrcodeError,
|
|
errorCode: &errcode.ErrorCodeUnknown,
|
|
fn: func(t *testing.T, err error) {
|
|
var e errcode.Error
|
|
require.ErrorAs(t, err, &e)
|
|
// isManifestUnknownError is checking for this
|
|
assert.Equal(t, errcode.Error{
|
|
Code: errcode.ErrorCodeUnknown, // The 404 value is not defined, and turns into Unknown
|
|
Message: "Not Found",
|
|
Detail: nil,
|
|
}, e)
|
|
},
|
|
},
|
|
{ // registry.redhat.io is not compliant, variant 2: a completely out-of-protocol response
|
|
name: "registry.redhat.io/v2/rhosp15-rhel8/openstack-cron/manifests/sha256-8df5e60c42668706ac108b59c559b9187fa2de7e4e262e2967e3e9da35d5a8d7.sig",
|
|
response: "HTTP/1.1 404 Not Found\r\n" +
|
|
"Connection: close\r\n" +
|
|
"Content-Length: 10\r\n" +
|
|
"Accept-Ranges: bytes\r\n" +
|
|
"Date: Thu, 13 Oct 2022 18:13:53 GMT\r\n" +
|
|
"Server: AkamaiNetStorage\r\n" +
|
|
"X-Docker-Size: -1\r\n" +
|
|
"\r\n" +
|
|
"Not found\r\n",
|
|
errorString: `StatusCode: 404, "Not found\r"`,
|
|
errorType: nil,
|
|
unwrappedErrorPtr: &unwrappedUnexpectedHTTPResponseError,
|
|
fn: func(t *testing.T, err error) {
|
|
var e *unexpectedHTTPResponseError
|
|
require.ErrorAs(t, err, &e)
|
|
// isManifestUnknownError is checking for this
|
|
assert.Equal(t, 404, e.StatusCode)
|
|
assert.Equal(t, []byte("Not found\r"), e.Response)
|
|
},
|
|
},
|
|
{ // Harbor v2.10.2 uses an unspecified NOT_FOUND error code
|
|
name: "Harbor v2.10.2 manifest not found",
|
|
response: "HTTP/1.1 404 Not Found\r\n" +
|
|
"Content-Length: 153\r\n" +
|
|
"Connection: keep-alive\r\n" +
|
|
"Content-Type: application/json; charset=utf-8\r\n" +
|
|
"Date: Wed, 08 May 2024 08:14:59 GMT\r\n" +
|
|
"Server: nginx\r\n" +
|
|
"Set-Cookie: sid=f617c257877837614ada2561513d6827; Path=/; HttpOnly\r\n" +
|
|
"X-Request-Id: 1b151fb1-c943-4190-a9ce-5156ed5e3200\r\n" +
|
|
"\r\n" +
|
|
"{\"errors\":[{\"code\":\"NOT_FOUND\",\"message\":\"artifact test/alpine:sha256-443205b0cfcc78444321d56a2fe273f06e27b2c72b5058f8d7e975997d45b015.sig not found\"}]}\n",
|
|
errorString: "unknown: artifact test/alpine:sha256-443205b0cfcc78444321d56a2fe273f06e27b2c72b5058f8d7e975997d45b015.sig not found",
|
|
errorType: errcode.Error{},
|
|
unwrappedErrorPtr: &unwrappedErrcodeError,
|
|
errorCode: &errcode.ErrorCodeUnknown,
|
|
fn: func(t *testing.T, err error) {
|
|
var e errcode.Error
|
|
require.ErrorAs(t, err, &e)
|
|
// isManifestUnknownError is checking for this
|
|
assert.Equal(t, errcode.Error{
|
|
Code: errcode.ErrorCodeUnknown, // The NOT_FOUND value is not defined, and turns into Unknown
|
|
Message: "artifact test/alpine:sha256-443205b0cfcc78444321d56a2fe273f06e27b2c72b5058f8d7e975997d45b015.sig not found",
|
|
Detail: nil,
|
|
}, e)
|
|
},
|
|
},
|
|
} {
|
|
res, err := http.ReadResponse(bufio.NewReader(bytes.NewReader([]byte(c.response))), nil)
|
|
require.NoError(t, err, c.name)
|
|
defer res.Body.Close()
|
|
|
|
err = registryHTTPResponseToError(res)
|
|
assert.Equal(t, c.errorString, err.Error(), c.name)
|
|
if c.errorType != nil {
|
|
assert.IsType(t, c.errorType, err, c.name)
|
|
}
|
|
if c.unwrappedErrorPtr != nil {
|
|
assert.ErrorAs(t, err, c.unwrappedErrorPtr, c.name)
|
|
}
|
|
if c.errorCode != nil {
|
|
var ec errcode.ErrorCoder
|
|
require.ErrorAs(t, err, &ec, c.name)
|
|
assert.Equal(t, *c.errorCode, ec.ErrorCode(), c.name)
|
|
}
|
|
if c.fn != nil {
|
|
c.fn(t, err)
|
|
}
|
|
}
|
|
}
|