|
4 | 4 | set -x |
5 | 5 | export SHELLOPTS |
6 | 6 |
|
7 | | -CLUSTER_NAME=test-cluster |
8 | | - |
9 | | -function fix_base64() { |
10 | | - if command -v gbase64 >/dev/null 2>&1 ; then |
11 | | - gbase64 "$@" |
12 | | - else |
13 | | - base64 "$@" |
14 | | - fi |
15 | | -} |
16 | | - |
17 | | -ORG=test-org |
18 | | -PROJECT=test-project |
19 | | - |
20 | | -function generate_user_token() { |
21 | | - local name=$1 |
22 | | - local auth_container=$(docker ps --filter name=auth_server -q) |
23 | | - docker exec $auth_container platform-auth-make-token $name |
24 | | -} |
25 | | - |
26 | | -function create_regular_user() { |
27 | | - local name=$1 |
28 | | - local data="{\"name\": \"$name\"}" |
29 | | - curl --fail --data "$data" -H "Authorization: Bearer $ADMIN_TOKEN" \ |
30 | | - http://localhost:5003/api/v1/users |
31 | | - # Grant permissions to the user images |
32 | | - local url="http://localhost:5003/api/v1/users/$name/permissions" |
33 | | - local data="[{\"uri\":\"image://$CLUSTER_NAME/$ORG\",\"action\":\"manage\"}]" |
34 | | - curl -s -X POST -H "Authorization: Bearer $ADMIN_TOKEN" -d "$data" $url --fail |
35 | | -} |
36 | | - |
37 | | -function share_resource_on_read() { |
38 | | - local resource=$1 |
39 | | - local who_token=$2 |
40 | | - local whom=$3 |
41 | | - local url="http://localhost:5003/api/v1/users/$whom/permissions" |
42 | | - local data="[{\"uri\":$resource,\"action\":\"read\"}]" |
43 | | - curl -s -X POST -H "Authorization: Bearer $who_token" -d "$data" $url --fail |
44 | | -} |
45 | | - |
46 | | -function wait_for_registry() { |
47 | | - local cmd="curl http://127.0.0.1:5000/v2/ &> /dev/null" |
48 | | - # this for loop waits until the registry api is available |
49 | | - for _ in {1..150}; do # timeout for 5 minutes |
50 | | - if eval "$cmd"; then |
51 | | - break |
52 | | - fi |
53 | | - sleep 2 |
54 | | - done |
55 | | -} |
56 | | - |
57 | | - |
58 | | -function docker_login() { |
59 | | - local name=$1 |
60 | | - local token=$2 |
61 | | - docker login -u $name -p $token 127.0.0.1:5000 |
62 | | -} |
63 | | - |
64 | | -function test_push_catalog_pull() { |
65 | | - echo -e "\n" |
66 | | - |
67 | | - local name=$(uuidgen | awk '{print tolower($0)}') |
68 | | - local token=$(generate_user_token $name) |
69 | | - create_regular_user $name |
70 | | - docker_login $name $token |
71 | | - local repo_path="$ORG/$PROJECT" |
72 | | - |
73 | | - echo "step 1: pull non existent" |
74 | | - local output=$(docker pull 127.0.0.1:5000/$repo_path/unknown:latest 2>&1) |
75 | | - [[ $output == *"manifest for 127.0.0.1:5000/$repo_path/unknown:latest not found"* ]] |
76 | | - |
77 | | - echo "step 2: remove images and check catalog" |
78 | | - docker rmi ubuntu:latest 127.0.0.1:5000/$repo_path/ubuntu:latest || : |
79 | | - docker rmi alpine:latest 127.0.0.1:5000/$repo_path/alpine:latest || : |
80 | | - test_catalog $name $token "" |
81 | | - |
82 | | - echo "step 3: push ubuntu, check catalog" |
83 | | - docker_tag_push $name $token "ubuntu" |
84 | | - local expected="\"$repo_path/ubuntu\"" |
85 | | - test_catalog $name $token "$expected" |
86 | | - test_repo_tags_list $name $token "$repo_path/ubuntu" |
87 | | - |
88 | | - echo "step 4: push alpine, check catalog" |
89 | | - docker_tag_push $name $token "alpine" |
90 | | - local expected="\"$repo_path/alpine\", \"$repo_path/ubuntu\"" |
91 | | - test_catalog $name $token "$expected" |
92 | | - |
93 | | - echo "step 5: remove ubuntu, check pull" |
94 | | - docker rmi ubuntu:latest |
95 | | - docker pull 127.0.0.1:5000/$repo_path/ubuntu:latest |
96 | | - |
97 | | - echo "step 6: remove alpine, check pull" |
98 | | - docker rmi alpine:latest |
99 | | - docker pull 127.0.0.1:5000/$repo_path/alpine:latest |
100 | | -} |
101 | | - |
102 | | - |
103 | | -function docker_tag_push() { |
104 | | - local name=$1 |
105 | | - local token=$2 |
106 | | - local image=$3 |
107 | | - docker pull $image:latest |
108 | | - docker tag $image:latest 127.0.0.1:5000/$ORG/$PROJECT/$image:latest |
109 | | - docker push 127.0.0.1:5000/$ORG/$PROJECT/$image:latest |
110 | | -} |
111 | | - |
112 | | -function test_catalog() { |
113 | | - local name=$1 |
114 | | - local token=$2 |
115 | | - local expected="$3" |
116 | | - local url="http://127.0.0.1:5000/v2/_catalog?org=$ORG&project=$PROJECT" |
117 | | - local auth_basic_token=$(echo -n $name:$token | fix_base64 -w 0) |
118 | | - local output=$(curl -sH "Authorization: Basic $auth_basic_token" $url) |
119 | | - echo $output | grep -w "{\"repositories\": \[$expected\]}" |
120 | | -} |
121 | | - |
122 | | -function test_digest() { |
123 | | - local name=$1 |
124 | | - local token=$2 |
125 | | - local image=$3 |
126 | | - local tag=$4 |
127 | | - local url="http://127.0.0.1:5000/v2/$image/manifests/$tag" |
128 | | - local auth_basic_token=$(echo -n $name:$token | fix_base64 -w 0) |
129 | | - local output=$(curl --verbose -sH "Authorization: Basic $auth_basic_token" $url 2>&1) |
130 | | - echo $output | grep -w "Docker-Content-Digest:" |
131 | | -} |
132 | | - |
133 | | -function test_repo_tags_list() { |
134 | | - local name=$1 |
135 | | - local token=$2 |
136 | | - local repo="$3" |
137 | | - local url="http://127.0.0.1:5000/v2/$repo/tags/list" |
138 | | - local auth_basic_token=$(echo -n $name:$token | fix_base64 -w 0) |
139 | | - local output=$(curl -sH "Authorization: Basic $auth_basic_token" $url) |
140 | | - echo $output | grep "\"name\": \"$repo\"" |
141 | | - echo $output | grep "\"tags\": \[" |
142 | | -} |
143 | | - |
144 | | -function get_registry_token_for_catalog() { |
145 | | - # the way to get auth token for accessing _catalog without using platform-registry-api: |
146 | | - local username=$1 |
147 | | - local password=$2 |
148 | | - local registry_url=$3 |
149 | | - local service=$4 |
150 | | - local auth_url="$registry_url?service=$service&scope=registry:catalog:*" |
151 | | - local auth_basic_token=$(echo -n $username:$password | fix_base64 -w 0) |
152 | | - curl -sH "Authorization: Basic $auth_basic_token" "$auth_url" | jq -r .token |
153 | | - # NOTE (A Yushkovskiy, 25.12.2018) Read materials: |
154 | | - # - on docker registry auth protocol: |
155 | | - # https://github.com/docker/distribution/blob/master/docs/spec/auth/token.md |
156 | | - # - on docker listing catalog REST API: |
157 | | - # https://docs.docker.com/registry/spec/api/#listing-repositories |
158 | | - # - examples of ACL rules for docker registry image: |
159 | | - # https://github.com/cesanta/docker_auth/blob/master/examples/reference.yml |
160 | | -} |
161 | | - |
162 | | -function debug_docker_catalog_local() { |
163 | | - local user=testuser |
164 | | - local password=testpassword |
165 | | - local registry_token=`get_registry_token_for_catalog "$user" "$password" "http://localhost:5001/auth" "upstream"` |
166 | | - curl -sH "Authorization: Bearer $registry_token" "http://localhost:5002/v2/_catalog" | jq |
167 | | -} |
168 | | - |
169 | | -function debug_docker_catalog_gcr() { |
170 | | - local user=$1 |
171 | | - local password=$2 |
172 | | - local registry_token=`get_registry_token_for_catalog "$user" "$password" "https://gcr.io/v2/token" "gcr.io"` |
173 | | - curl -sH "Authorization: Bearer $registry_token" "https://gcr.io/v2/_catalog" | jq |
174 | | -} |
175 | | - |
176 | | -ADMIN_TOKEN=$(generate_user_token admin) |
| 7 | +source tests/test_utils.sh |
177 | 8 |
|
178 | 9 | wait_for_registry |
179 | 10 |
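Review bot: The added `source tests/test_utils.sh` is resolved against the caller's working directory, and nothing checks that the file was found before `wait_for_registry` is called on the following line, so a run started from another directory fails with a less obvious "command not found" unless errexit is on (not visible here). A guard such as `[[ -r tests/test_utils.sh ]] || { echo "run from the repository root" >&2; exit 1; }` before the `source` line makes that failure explicit. Separately, `set -x` with `export SHELLOPTS` is still active when the helpers are loaded, so if the removed `ADMIN_TOKEN=$(generate_user_token admin)` assignment and the `Authorization` curl calls moved into the sourced file unchanged (inferred, the file is not shown), the tokens are still written to the trace output; wrapping token handling in `set +x` / `set -x` would keep them out of CI logs.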
|
|