add containersimageregistry to standard registry test suite

Signed-off-by: Joe Lanford <[email protected]>

Author: joelanford

pkg/image/registry_test.go

@@ -4,19 +4,21 @@ import (
 	"context"
 	"crypto/rand"
 	"crypto/x509"
+	"encoding/pem"
 	"errors"
 	"fmt"
 	"io"
 	"math"
 	"math/big"
 	"net/http"
+	"net/url"
 	"os"
+	"path/filepath"
 	"sync"
 	"testing"
 
-	distribution "github.com/distribution/distribution/v3"
-	"github.com/distribution/distribution/v3/configuration"
-	repositorymiddleware "github.com/distribution/distribution/v3/registry/middleware/repository"
+	"github.com/containers/image/v5/types"
+	"github.com/distribution/distribution/v3"
 	"github.com/distribution/reference"
 	"github.com/opencontainers/go-digest"
 	"github.com/sirupsen/logrus"
@@ -25,32 +27,60 @@ import (
 
 	"github.com/operator-framework/operator-registry/pkg/image"
 	"github.com/operator-framework/operator-registry/pkg/image/containerdregistry"
+	"github.com/operator-framework/operator-registry/pkg/image/containersimageregistry"
 	libimage "github.com/operator-framework/operator-registry/pkg/lib/image"
 )
 
 // cleanupFunc is a function that cleans up after some test infra.
 type cleanupFunc func()
 
 // newRegistryFunc is a function that creates and returns a new image.Registry to test its cleanupFunc.
-type newRegistryFunc func(t *testing.T, cafile string) (image.Registry, cleanupFunc)
+type newRegistryFunc func(t *testing.T, serverCert *x509.Certificate) (image.Registry, cleanupFunc)
 
-func poolForCertFile(t *testing.T, file string) *x509.CertPool {
-	rootCAs := x509.NewCertPool()
-	certs, err := os.ReadFile(file)
+func caDirForCert(t *testing.T, serverCert *x509.Certificate) string {
+	caDir, err := os.MkdirTemp("", "opm-registry-test-ca-")
+	require.NoError(t, err)
+	caFile, err := os.Create(filepath.Join(caDir, "ca.crt"))
 	require.NoError(t, err)
-	require.True(t, rootCAs.AppendCertsFromPEM(certs))
+
+	require.NoError(t, pem.Encode(caFile, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: serverCert.Raw,
+	}))
+	require.NoError(t, caFile.Close())
+	return caDir
+}
+
+func poolForCert(serverCert *x509.Certificate) *x509.CertPool {
+	rootCAs := x509.NewCertPool()
+	rootCAs.AddCert(serverCert)
 	return rootCAs
 }
 
 func TestRegistries(t *testing.T) {
 	registries := map[string]newRegistryFunc{
-		"containerd": func(t *testing.T, cafile string) (image.Registry, cleanupFunc) {
+		"containersimage": func(t *testing.T, serverCert *x509.Certificate) (image.Registry, cleanupFunc) {
+			caDir := caDirForCert(t, serverCert)
+			sourceCtx := &types.SystemContext{
+				OCICertPath:              caDir,
+				DockerCertPath:           caDir,
+				DockerPerHostCertDirPath: caDir,
+			}
+			r, err := containersimageregistry.New(sourceCtx, containersimageregistry.ForceTemporaryImageCache())
+			require.NoError(t, err)
+			cleanup := func() {
+				require.NoError(t, os.RemoveAll(caDir))
+				require.NoError(t, r.Destroy())
+			}
+			return r, cleanup
+		},
+		"containerd": func(t *testing.T, serverCert *x509.Certificate) (image.Registry, cleanupFunc) {
 			val, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64))
 			require.NoError(t, err)
 			r, err := containerdregistry.NewRegistry(
 				containerdregistry.WithLog(logrus.New().WithField("test", t.Name())),
 				containerdregistry.WithCacheDir(fmt.Sprintf("cache-%x", val)),
-				containerdregistry.WithRootCAs(poolForCertFile(t, cafile)),
+				containerdregistry.WithRootCAs(poolForCert(serverCert)),
 			)
 			require.NoError(t, err)
 			cleanup := func() {
@@ -59,37 +89,25 @@ func TestRegistries(t *testing.T) {
 
 			return r, cleanup
 		},
-		// TODO: enable docker tests - currently blocked on a cross-platform way to configure either insecure registries
-		// or CA certs
-		//"docker": func(t *testing.T, cafile string) (image.Registry, cleanupFunc) {
-		//	r, err := execregistry.NewRegistry(containertools.DockerTool,
-		//		logrus.New().WithField("test", t.Name()),
-		//		cafile,
-		//	)
-		//	require.NoError(t, err)
-		//	cleanup := func() {
-		//		require.NoError(t, r.Destroy())
-		//	}
-		//
-		//	return r, cleanup
-		//},
-		// TODO: Enable buildah tests
-		// func(t *testing.T) image.Registry {
-		// 	r, err := buildahregistry.NewRegistry(
-		// 		buildahregistry.WithLog(logrus.New().WithField("test", t.Name())),
-		// 		buildahregistry.WithCacheDir(fmt.Sprintf("cache-%x", rand.Int())),
-		// 	)
-		// 	require.NoError(t, err)
-
-		// 	return r
-		// },
 	}
 
 	for name, registry := range registries {
 		testPullAndUnpack(t, name, registry)
 	}
 }
 
+type httpError struct {
+	statusCode int
+	error      error
+}
+
+func (e *httpError) Error() string {
+	if e.error != nil {
+		return e.error.Error()
+	}
+	return http.StatusText(e.statusCode)
+}
+
 func testPullAndUnpack(t *testing.T, name string, newRegistry newRegistryFunc) {
 	type args struct {
 		dockerRootDir string
@@ -134,7 +152,7 @@ func testPullAndUnpack(t *testing.T, name string, newRegistry newRegistryFunc) {
 				dockerRootDir: "testdata/golden",
 				img:           "/olmtest/kiali:1.4.2",
 				pullErrCount:  1,
-				pullErr:       errors.New("dummy"),
+				pullErr:       &httpError{statusCode: http.StatusTooManyRequests},
 			},
 			expected: expected{
 				checksum:      dirChecksum(t, "testdata/golden/bundles/kiali"),
@@ -158,10 +176,12 @@ func testPullAndUnpack(t *testing.T, name string, newRegistry newRegistryFunc) {
 				dockerRootDir: "testdata/golden",
 				img:           "/olmtest/kiali:1.4.2",
 				pullErrCount:  math.MaxInt64,
-				pullErr:       errors.New("dummy"),
+				pullErr:       &httpError{statusCode: http.StatusTooManyRequests},
 			},
 			expected: expected{
-				pullAssertion: require.Error,
+				pullAssertion: func(t require.TestingT, err error, i ...interface{}) {
+					require.Error(t, err)
+				},
 			},
 		},
 	}
@@ -171,36 +191,24 @@ func testPullAndUnpack(t *testing.T, name string, newRegistry newRegistryFunc) {
 			ctx, close := context.WithCancel(context.Background())
 			defer close()
 
-			configOpts := []libimage.ConfigOpt{}
-
+			var middlewares []func(next http.Handler) http.Handler
 			if tt.args.pullErrCount > 0 {
-				configOpts = append(configOpts, func(config *configuration.Configuration) {
-					if config.Middleware == nil {
-						config.Middleware = make(map[string][]configuration.Middleware)
-					}
-
-					mockRepo := &mockRepo{blobStore: &mockBlobStore{
-						maxCount: tt.args.pullErrCount,
-						err:      tt.args.pullErr,
-					}}
-					val, err := rand.Int(rand.Reader, big.NewInt(math.MaxInt64))
-					require.NoError(t, err)
-
-					middlewareName := fmt.Sprintf("test-%x", val)
-					require.NoError(t, repositorymiddleware.Register(middlewareName, mockRepo.init))
-					config.Middleware["repository"] = append(config.Middleware["repository"], configuration.Middleware{
-						Name: middlewareName,
-					})
-				})
+				middlewares = append(middlewares, failureMiddleware(tt.args.pullErrCount, tt.args.pullErr))
 			}
 
-			host, cafile, err := libimage.RunDockerRegistry(ctx, tt.args.dockerRootDir, configOpts...)
-			require.NoError(t, err)
+			t.Log("starting docker registry")
+			dockerServer := libimage.RunDockerRegistry(ctx, tt.args.dockerRootDir, middlewares...)
+			defer dockerServer.Close()
+			t.Log("started docker registry")
 
-			r, cleanup := newRegistry(t, cafile)
+			r, cleanup := newRegistry(t, dockerServer.Certificate())
 			defer cleanup()
 
-			ref := image.SimpleReference(host + tt.args.img)
+			url, err := url.Parse(dockerServer.URL)
+			require.NoError(t, err)
+
+			ref := image.SimpleReference(fmt.Sprintf("%s%s", url.Host, tt.args.img))
+			t.Log("pulling image", ref)
 			tt.expected.pullAssertion(t, r.Pull(ctx, ref))
 
 			if tt.expected.checksum != "" {
@@ -303,3 +311,24 @@ func (f *mockBlobStore) ServeBlob(ctx context.Context, w http.ResponseWriter, r
 func (f *mockBlobStore) Delete(ctx context.Context, dgst digest.Digest) error {
 	return f.base.Delete(ctx, dgst)
 }
+
+func failureMiddleware(totalCount int, err error) func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		count := 0
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			if count >= totalCount {
+				next.ServeHTTP(w, r)
+				return
+			}
+			count++
+			statusCode := http.StatusInternalServerError
+
+			var httpErr *httpError
+			if errors.As(err, &httpErr) {
+				statusCode = httpErr.statusCode
+			}
+
+			http.Error(w, err.Error(), statusCode)
+		})
+	}
+}