Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Antonio Murdaca authored on 2016/01/24 03:45:01... | ... |
@@ -49,7 +49,7 @@ type DockerRegistrySuite struct { |
49 | 49 |
|
50 | 50 |
func (s *DockerRegistrySuite) SetUpTest(c *check.C) { |
51 | 51 |
testRequires(c, DaemonIsLinux) |
52 |
- s.reg = setupRegistry(c, false) |
|
52 |
+ s.reg = setupRegistry(c, false, false) |
|
53 | 53 |
s.d = NewDaemon(c) |
54 | 54 |
} |
55 | 55 |
|
... | ... |
@@ -77,7 +77,7 @@ type DockerSchema1RegistrySuite struct { |
77 | 77 |
|
78 | 78 |
func (s *DockerSchema1RegistrySuite) SetUpTest(c *check.C) { |
79 | 79 |
testRequires(c, DaemonIsLinux) |
80 |
- s.reg = setupRegistry(c, true) |
|
80 |
+ s.reg = setupRegistry(c, true, false) |
|
81 | 81 |
s.d = NewDaemon(c) |
82 | 82 |
} |
83 | 83 |
|
... | ... |
@@ -92,6 +92,36 @@ func (s *DockerSchema1RegistrySuite) TearDownTest(c *check.C) { |
92 | 92 |
} |
93 | 93 |
|
94 | 94 |
func init() { |
95 |
+ check.Suite(&DockerRegistryAuthSuite{ |
|
96 |
+ ds: &DockerSuite{}, |
|
97 |
+ }) |
|
98 |
+} |
|
99 |
+ |
|
100 |
+type DockerRegistryAuthSuite struct { |
|
101 |
+ ds *DockerSuite |
|
102 |
+ reg *testRegistryV2 |
|
103 |
+ d *Daemon |
|
104 |
+} |
|
105 |
+ |
|
106 |
+func (s *DockerRegistryAuthSuite) SetUpTest(c *check.C) { |
|
107 |
+ testRequires(c, DaemonIsLinux) |
|
108 |
+ s.reg = setupRegistry(c, false, true) |
|
109 |
+ s.d = NewDaemon(c) |
|
110 |
+} |
|
111 |
+ |
|
112 |
+func (s *DockerRegistryAuthSuite) TearDownTest(c *check.C) { |
|
113 |
+ if s.reg != nil { |
|
114 |
+ out, err := s.d.Cmd("logout", privateRegistryURL) |
|
115 |
+ c.Assert(err, check.IsNil, check.Commentf(out)) |
|
116 |
+ s.reg.Close() |
|
117 |
+ } |
|
118 |
+ if s.d != nil { |
|
119 |
+ s.d.Stop() |
|
120 |
+ } |
|
121 |
+ s.ds.TearDownTest(c) |
|
122 |
+} |
|
123 |
+ |
|
124 |
+func init() { |
|
95 | 125 |
check.Suite(&DockerDaemonSuite{ |
96 | 126 |
ds: &DockerSuite{}, |
97 | 127 |
}) |
... | ... |
@@ -128,7 +158,7 @@ type DockerTrustSuite struct { |
128 | 128 |
} |
129 | 129 |
|
130 | 130 |
func (s *DockerTrustSuite) SetUpTest(c *check.C) { |
131 |
- s.reg = setupRegistry(c, false) |
|
131 |
+ s.reg = setupRegistry(c, false, false) |
|
132 | 132 |
s.not = setupNotary(c) |
133 | 133 |
} |
134 | 134 |
|
... | ... |
@@ -17,5 +17,14 @@ func (s *DockerSuite) TestLoginWithoutTTY(c *check.C) { |
17 | 17 |
// run the command and block until it's done |
18 | 18 |
err := cmd.Run() |
19 | 19 |
c.Assert(err, checker.NotNil) //"Expected non nil err when loginning in & TTY not available" |
20 |
+} |
|
21 |
+ |
|
22 |
+func (s *DockerRegistryAuthSuite) TestLoginToPrivateRegistry(c *check.C) { |
|
23 |
+ // wrong credentials |
|
24 |
+ out, _, err := dockerCmdWithError("login", "-u", s.reg.username, "-p", "WRONGPASSWORD", "-e", s.reg.email, privateRegistryURL) |
|
25 |
+ c.Assert(err, checker.NotNil, check.Commentf(out)) |
|
26 |
+ c.Assert(out, checker.Contains, "401 Unauthorized") |
|
20 | 27 |
|
28 |
+ // now it's fine |
|
29 |
+ dockerCmd(c, "login", "-u", s.reg.username, "-p", s.reg.password, "-e", s.reg.email, privateRegistryURL) |
|
21 | 30 |
} |
... | ... |
@@ -1554,9 +1554,9 @@ func daemonTime(c *check.C) time.Time { |
1554 | 1554 |
return dt |
1555 | 1555 |
} |
1556 | 1556 |
|
1557 |
-func setupRegistry(c *check.C, schema1 bool) *testRegistryV2 { |
|
1557 |
+func setupRegistry(c *check.C, schema1, auth bool) *testRegistryV2 { |
|
1558 | 1558 |
testRequires(c, RegistryHosting) |
1559 |
- reg, err := newTestRegistryV2(c, schema1) |
|
1559 |
+ reg, err := newTestRegistryV2(c, schema1, auth) |
|
1560 | 1560 |
c.Assert(err, check.IsNil) |
1561 | 1561 |
|
1562 | 1562 |
// Wait for registry to be ready to serve requests. |
... | ... |
@@ -18,28 +18,55 @@ const ( |
18 | 18 |
) |
19 | 19 |
|
20 | 20 |
type testRegistryV2 struct { |
21 |
- cmd *exec.Cmd |
|
22 |
- dir string |
|
21 |
+ cmd *exec.Cmd |
|
22 |
+ dir string |
|
23 |
+ username string |
|
24 |
+ password string |
|
25 |
+ email string |
|
23 | 26 |
} |
24 | 27 |
|
25 |
-func newTestRegistryV2(c *check.C, schema1 bool) (*testRegistryV2, error) { |
|
28 |
+func newTestRegistryV2(c *check.C, schema1, auth bool) (*testRegistryV2, error) { |
|
29 |
+ tmp, err := ioutil.TempDir("", "registry-test-") |
|
30 |
+ if err != nil { |
|
31 |
+ return nil, err |
|
32 |
+ } |
|
26 | 33 |
template := `version: 0.1 |
27 | 34 |
loglevel: debug |
28 | 35 |
storage: |
29 | 36 |
filesystem: |
30 | 37 |
rootdirectory: %s |
31 | 38 |
http: |
32 |
- addr: %s` |
|
33 |
- tmp, err := ioutil.TempDir("", "registry-test-") |
|
34 |
- if err != nil { |
|
35 |
- return nil, err |
|
39 |
+ addr: %s |
|
40 |
+%s` |
|
41 |
+ var ( |
|
42 |
+ htpasswd string |
|
43 |
+ username string |
|
44 |
+ password string |
|
45 |
+ email string |
|
46 |
+ ) |
|
47 |
+ if auth { |
|
48 |
+ htpasswdPath := filepath.Join(tmp, "htpasswd") |
|
49 |
+ // generated with: htpasswd -Bbn testuser testpassword |
|
50 |
+ userpasswd := "testuser:$2y$05$sBsSqk0OpSD1uTZkHXc4FeJ0Z70wLQdAX/82UiHuQOKbNbBrzs63m" |
|
51 |
+ username = "testuser" |
|
52 |
+ password = "testpassword" |
|
53 |
+ email = "test@test.org" |
|
54 |
+ if err := ioutil.WriteFile(htpasswdPath, []byte(userpasswd), os.FileMode(0644)); err != nil { |
|
55 |
+ return nil, err |
|
56 |
+ } |
|
57 |
+ htpasswd = fmt.Sprintf(`auth: |
|
58 |
+ htpasswd: |
|
59 |
+ realm: basic-realm |
|
60 |
+ path: %s |
|
61 |
+`, htpasswdPath) |
|
36 | 62 |
} |
63 |
+ |
|
37 | 64 |
confPath := filepath.Join(tmp, "config.yaml") |
38 | 65 |
config, err := os.Create(confPath) |
39 | 66 |
if err != nil { |
40 | 67 |
return nil, err |
41 | 68 |
} |
42 |
- if _, err := fmt.Fprintf(config, template, tmp, privateRegistryURL); err != nil { |
|
69 |
+ if _, err := fmt.Fprintf(config, template, tmp, privateRegistryURL, htpasswd); err != nil { |
|
43 | 70 |
os.RemoveAll(tmp) |
44 | 71 |
return nil, err |
45 | 72 |
} |
... | ... |
@@ -57,8 +84,11 @@ http: |
57 | 57 |
return nil, err |
58 | 58 |
} |
59 | 59 |
return &testRegistryV2{ |
60 |
- cmd: cmd, |
|
61 |
- dir: tmp, |
|
60 |
+ cmd: cmd, |
|
61 |
+ dir: tmp, |
|
62 |
+ username: username, |
|
63 |
+ password: password, |
|
64 |
+ email: email, |
|
62 | 65 |
}, nil |
63 | 66 |
} |
64 | 67 |
|
... | ... |
@@ -68,7 +98,14 @@ func (t *testRegistryV2) Ping() error { |
68 | 68 |
if err != nil { |
69 | 69 |
return err |
70 | 70 |
} |
71 |
- if resp.StatusCode != http.StatusOK { |
|
71 |
+ resp.Body.Close() |
|
72 |
+ |
|
73 |
+ fail := resp.StatusCode != http.StatusOK |
|
74 |
+ if t.username != "" { |
|
75 |
+ // unauthorized is a _good_ status when pinging v2/ and it needs auth |
|
76 |
+ fail = fail && resp.StatusCode != http.StatusUnauthorized |
|
77 |
+ } |
|
78 |
+ if fail { |
|
72 | 79 |
return fmt.Errorf("registry ping replied with an unexpected status code %d", resp.StatusCode) |
73 | 80 |
} |
74 | 81 |
return nil |