verify image pull with authentication to local registry

Author: j143

adr-003-docker-image-download.md

@@ -57,57 +57,33 @@ The following diagram illustrates the current stage of implementation and the en
 
 ```mermaid
 graph TD
-    A[Current Stage: Simulated Image Fetching] --> B[Intermediate Stage: Registry Integration]
-    B --> C[End Goal: Full Docker Image Support]
-
-    %% Current Stage
-    subgraph Current
-        A1[Simulated Fetching Logic]
-        A2[Basic Image Listing]
-        A3[Placeholder Pull Function]
-        A4[Load Images from .tar Files]
-        A5[Run Locally Loaded Images]
-        A6[Manifest Parsing]
-    end
-
-    %% Intermediate Stage
-    subgraph Intermediate
-        B1[Registry Interface Implementation]
-        B2[Layer Downloading]
-    end
-
-    %% End Goal
-    subgraph EndGoal
-        C1[Full Registry Authentication]
-        C2[Layer Verification]
-        C3[Layer Extraction]
-        C4[Root Filesystem Creation]
-    end
-
-    %% Connections
-    A --> B1
-    B1 --> B2
-    B2 --> C1
-    C1 --> C2
-    C2 --> C3
-    C3 --> C4
+    A[Simulated Fetching Logic]:::implemented --> B[Registry Interface Implementation]:::implemented
+    B --> C[Layer Downloading]:::inprogress
+    C --> D[Full Registry Authentication]:::notstarted
+    D --> E[Layer Verification]:::notstarted
+    E --> F[Layer Extraction]:::notstarted
+    F --> G[Root Filesystem Creation]:::notstarted
+
+    %% Styles
+    classDef implemented fill:#a8d08d,stroke:#000,stroke-width:2px;
+    classDef inprogress fill:#ffe699,stroke:#000,stroke-width:2px;
+    classDef notstarted fill:#f4cccc,stroke:#000,stroke-width:2px;
 ```
 
 ### Explanation of Stages
 
-1. **Current Stage**:
+1. **Implemented**:
    - Simulated fetching logic is used to mimic image downloads.
    - Basic image listing functionality is implemented.
    - The `Pull` function exists as a placeholder without real registry interaction.
    - Added support for loading images from `.tar` files.
    - Added functionality to run locally loaded images.
-   - Manifest parsing is now part of the current stage.
+   - Registry interface implementation for local registries is complete.
 
-2. **Intermediate Stage**:
-   - Introduce a `Registry` interface to abstract interactions with container registries.
+2. **In Progress**:
    - Add functionality for downloading image layers from registries.
 
-3. **End Goal**:
+3. **Not Started**:
    - Support full registry authentication, including private registries.
    - Verify the integrity of downloaded layers using checksums.
    - Extract layers to create a functional root filesystem for containers.

verify.sh

@@ -52,6 +52,58 @@ echo -e "\n\n==== Deleting Network ===="
 echo -e "\n\n==== Listing Networks After Deletion ===="
 ./basic-docker network-list
 
+# Function to clean up resources on exit
+cleanup() {
+  echo "Cleaning up..."
+  docker stop registry &>/dev/null
+  docker rm registry &>/dev/null
+  rm -rf auth
+  echo "Cleanup completed."
+}
+
+# Trap to ensure cleanup on script exit
+trap cleanup EXIT
+
+# Step 1: Start a local Docker registry with authentication
+echo "Starting local Docker registry with authentication..."
+mkdir -p auth
+if ! docker run --entrypoint htpasswd httpd:2 -Bbn user password > auth/htpasswd; then
+    echo "Error: Failed to create htpasswd file." >&2
+    exit 1
+fi
+docker run -d -p 5000:5000 --name registry \
+  -v $(pwd)/auth:/auth \
+  -e "REGISTRY_AUTH=htpasswd" \
+  -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
+  -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
+  registry:2
+
+# Step 2: Tag and push an image to the local registry with authentication
+echo "Tagging and pushing an image to the local registry with authentication..."
+docker tag alpine:latest localhost:5000/alpine
+docker login localhost:5000 -u user -p password
+docker push localhost:5000/alpine
+
+# Step 3: Verify the image in the local registry
+echo "Verifying the image in the local registry..."
+catalog=$(curl -s -u user:password -X GET http://localhost:5000/v2/_catalog)
+echo "Registry catalog: $catalog"
+
+# Step 4: Use basic-docker to pull and run the image from the local registry
+echo "Using basic-docker to pull and run the image from the local registry..."
+if ./basic-docker run user:password@localhost:5000/alpine /bin/sh -c "echo Hello from authenticated local registry"; then
+    echo "basic-docker successfully pulled and ran the image."
+else
+    echo "Error: basic-docker failed to pull or run the image." >&2
+    exit 1
+fi
+
+# Step 5: Check logs for authentication
+echo "Checking logs for authentication..."
+docker logs registry | grep "user"
+
+echo "Script completed successfully."
+
 # Clean up temporary directories
 rm -rf "$BASE_DIR"