The auth service error response is not part of the spec, and containerd
doesn't parse it the way Docker's distribution code does.
Check for containerd-specific errors instead.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
| ... | ... |
@@ -16,6 +16,7 @@ import ( |
| 16 | 16 |
"github.com/docker/docker/integration-cli/cli" |
| 17 | 17 |
"github.com/docker/docker/integration-cli/cli/build" |
| 18 | 18 |
"gotest.tools/v3/assert" |
| 19 |
+ is "gotest.tools/v3/assert/cmp" |
|
| 19 | 20 |
"gotest.tools/v3/icmd" |
| 20 | 21 |
) |
| 21 | 22 |
|
| ... | ... |
@@ -262,8 +263,16 @@ func (s *DockerRegistryAuthTokenSuite) TestPushTokenServiceUnauthResponse(c *tes |
| 262 | 262 |
cli.DockerCmd(c, "tag", "busybox", imgRepo) |
| 263 | 263 |
out, _, err := dockerCmdWithError("push", imgRepo)
|
| 264 | 264 |
assert.ErrorContains(c, err, "", out) |
| 265 |
- assert.Assert(c, !strings.Contains(out, "Retrying")) |
|
| 266 |
- assert.Assert(c, strings.Contains(out, "unauthorized: a message")) |
|
| 265 |
+ |
|
| 266 |
+ assert.Check(c, !strings.Contains(out, "Retrying")) |
|
| 267 |
+ |
|
| 268 |
+ // Auth service errors are not part of the spec and containerd doesn't parse them. |
|
| 269 |
+ if testEnv.UsingSnapshotter() {
|
|
| 270 |
+ assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token")) |
|
| 271 |
+ assert.Check(c, is.Contains(out, "401 Unauthorized")) |
|
| 272 |
+ } else {
|
|
| 273 |
+ assert.Check(c, is.Contains(out, "unauthorized: a message")) |
|
| 274 |
+ } |
|
| 267 | 275 |
} |
| 268 | 276 |
|
| 269 | 277 |
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnauthorized(c *testing.T) {
|
| ... | ... |
@@ -276,8 +285,15 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse |
| 276 | 276 |
out, _, err := dockerCmdWithError("push", imgRepo)
|
| 277 | 277 |
assert.ErrorContains(c, err, "", out) |
| 278 | 278 |
assert.Assert(c, !strings.Contains(out, "Retrying")) |
| 279 |
- split := strings.Split(out, "\n") |
|
| 280 |
- assert.Equal(c, split[len(split)-2], "unauthorized: authentication required") |
|
| 279 |
+ |
|
| 280 |
+ // Auth service errors are not part of the spec and containerd doesn't parse them. |
|
| 281 |
+ if testEnv.UsingSnapshotter() {
|
|
| 282 |
+ assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token")) |
|
| 283 |
+ assert.Check(c, is.Contains(out, "401 Unauthorized")) |
|
| 284 |
+ } else {
|
|
| 285 |
+ split := strings.Split(out, "\n") |
|
| 286 |
+ assert.Check(c, is.Contains(split[len(split)-2], "unauthorized: authentication required")) |
|
| 287 |
+ } |
|
| 281 | 288 |
} |
| 282 | 289 |
|
| 283 | 290 |
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseError(c *testing.T) {
|
| ... | ... |
@@ -292,8 +308,15 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse |
| 292 | 292 |
// TODO: isolate test so that it can be guaranteed that the 503 will trigger xfer retries |
| 293 | 293 |
// assert.Assert(c, strings.Contains(out, "Retrying")) |
| 294 | 294 |
// assert.Assert(c, !strings.Contains(out, "Retrying in 15")) |
| 295 |
- split := strings.Split(out, "\n") |
|
| 296 |
- assert.Equal(c, split[len(split)-2], "toomanyrequests: out of tokens") |
|
| 295 |
+ |
|
| 296 |
+ // Auth service errors are not part of the spec and containerd doesn't parse them. |
|
| 297 |
+ if testEnv.UsingSnapshotter() {
|
|
| 298 |
+ assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token")) |
|
| 299 |
+ assert.Check(c, is.Contains(out, "503 Service Unavailable")) |
|
| 300 |
+ } else {
|
|
| 301 |
+ split := strings.Split(out, "\n") |
|
| 302 |
+ assert.Check(c, is.Equal(split[len(split)-2], "toomanyrequests: out of tokens")) |
|
| 303 |
+ } |
|
| 297 | 304 |
} |
| 298 | 305 |
|
| 299 | 306 |
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnparsable(c *testing.T) {
|
| ... | ... |
@@ -305,9 +328,16 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse |
| 305 | 305 |
cli.DockerCmd(c, "tag", "busybox", imgRepo) |
| 306 | 306 |
out, _, err := dockerCmdWithError("push", imgRepo)
|
| 307 | 307 |
assert.ErrorContains(c, err, "", out) |
| 308 |
- assert.Assert(c, !strings.Contains(out, "Retrying")) |
|
| 309 |
- split := strings.Split(out, "\n") |
|
| 310 |
- assert.Assert(c, strings.Contains(split[len(split)-2], "error parsing HTTP 403 response body: ")) |
|
| 308 |
+ assert.Check(c, !strings.Contains(out, "Retrying")) |
|
| 309 |
+ |
|
| 310 |
+ // Auth service errors are not part of the spec and containerd doesn't parse them. |
|
| 311 |
+ if testEnv.UsingSnapshotter() {
|
|
| 312 |
+ assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token")) |
|
| 313 |
+ assert.Check(c, is.Contains(out, "403 Forbidden")) |
|
| 314 |
+ } else {
|
|
| 315 |
+ split := strings.Split(out, "\n") |
|
| 316 |
+ assert.Check(c, is.Contains(split[len(split)-2], "error parsing HTTP 403 response body: ")) |
|
| 317 |
+ } |
|
| 311 | 318 |
} |
| 312 | 319 |
|
| 313 | 320 |
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseNoToken(c *testing.T) {
|
| ... | ... |
@@ -321,5 +351,5 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse |
| 321 | 321 |
assert.ErrorContains(c, err, "", out) |
| 322 | 322 |
assert.Assert(c, !strings.Contains(out, "Retrying")) |
| 323 | 323 |
split := strings.Split(out, "\n") |
| 324 |
- assert.Equal(c, split[len(split)-2], "authorization server did not include a token in the response") |
|
| 324 |
+ assert.Check(c, is.Contains(split[len(split)-2], "authorization server did not include a token in the response")) |
|
| 325 | 325 |
} |
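Review bot: The legacy (non-snapshotter) path loses precision in two places: TestPushMisconfiguredTokenServiceResponseUnauthorized and the final hunk (the NoToken test) go from `assert.Equal` on the last output line to `is.Contains`, while the 503 test keeps `is.Equal`. The commit message only explains the containerd branch, so on the legacy path I would keep the exact match, e.g. `assert.Check(c, is.Equal(split[len(split)-2], "unauthorized: authentication required"))`. If the NoToken relaxation is needed because containerd wraps that message (not visible here), a comment such as `// containerd wraps this error, so match a substring` would record why. Separately, the snapshotter branches search the whole of `out` for the status text, which is looser than the last-line check they sit next to. All of these test bodies start outside the visible hunks.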