mirror of
https://github.com/containers/skopeo.git
synced 2025-04-27 11:01:18 +00:00
5dd3b2bffd
- Got TLS registry working, and test enabled. The trick was to copy the .crt file to a separate directory *without* the .key - auth test - set up a private XDG_RUNTIME_DIR, in case tests are being run by a real user. - signing test - remove FIXME comments; questions answered. - helpers.bash - document start_registries(); save a .crt file, not .cert; and remove unused stop_registries() - it's too hard to do right, and very easy for individual tests to 'podman rm -f' - run-tests - remove SKOPEO_BINARY definition, it's inconsistent with the one in helpers.bash Signed-off-by: Ed Santiago <santiago@redhat.com>
79 lines
2.4 KiB
Bash
79 lines
2.4 KiB
Bash
#!/usr/bin/env bats
|
|
#
|
|
# Tests with a local registry with auth
|
|
#
|
|
|
|
load helpers
|
|
|
|
function setup() {
|
|
standard_setup
|
|
|
|
# Remove old/stale cred file
|
|
_cred_dir=$TESTDIR/credentials
|
|
export XDG_RUNTIME_DIR=$_cred_dir
|
|
mkdir -p $_cred_dir/containers
|
|
rm -f $_cred_dir/containers/auth.json
|
|
|
|
# Start authenticated registry with random password
|
|
testuser=testuser
|
|
testpassword=$(random_string 15)
|
|
|
|
start_registry --testuser=testuser --testpassword=$testpassword reg
|
|
}
|
|
|
|
@test "auth: credentials on command line" {
|
|
# No creds
|
|
run_skopeo 1 inspect --tls-verify=false docker://localhost:5000/nonesuch
|
|
expect_output --substring "unauthorized: authentication required"
|
|
|
|
# Wrong user
|
|
run_skopeo 1 inspect --tls-verify=false --creds=baduser:badpassword \
|
|
docker://localhost:5000/nonesuch
|
|
expect_output --substring "unauthorized: authentication required"
|
|
|
|
# Wrong password
|
|
run_skopeo 1 inspect --tls-verify=false --creds=$testuser:badpassword \
|
|
docker://localhost:5000/nonesuch
|
|
expect_output --substring "unauthorized: authentication required"
|
|
|
|
# Correct creds, but no such image
|
|
run_skopeo 1 inspect --tls-verify=false --creds=$testuser:$testpassword \
|
|
docker://localhost:5000/nonesuch
|
|
expect_output --substring "manifest unknown: manifest unknown"
|
|
|
|
# These should pass
|
|
run_skopeo copy --dest-tls-verify=false --dcreds=$testuser:$testpassword \
|
|
docker://busybox:latest docker://localhost:5000/busybox:mine
|
|
run_skopeo inspect --tls-verify=false --creds=$testuser:$testpassword \
|
|
docker://localhost:5000/busybox:mine
|
|
expect_output --substring "localhost:5000/busybox"
|
|
}
|
|
|
|
@test "auth: credentials via podman login" {
|
|
# Logged in: skopeo should work
|
|
podman login --tls-verify=false -u $testuser -p $testpassword localhost:5000
|
|
|
|
run_skopeo copy --dest-tls-verify=false \
|
|
docker://busybox:latest docker://localhost:5000/busybox:mine
|
|
run_skopeo inspect --tls-verify=false docker://localhost:5000/busybox:mine
|
|
expect_output --substring "localhost:5000/busybox"
|
|
|
|
# Logged out: should fail
|
|
podman logout localhost:5000
|
|
|
|
run_skopeo 1 inspect --tls-verify=false docker://localhost:5000/busybox:mine
|
|
expect_output --substring "unauthorized: authentication required"
|
|
}
|
|
|
|
teardown() {
|
|
podman rm -f reg
|
|
|
|
if [[ -n $_cred_dir ]]; then
|
|
rm -rf $_cred_dir
|
|
fi
|
|
|
|
standard_teardown
|
|
}
|
|
|
|
# vim: filetype=sh
|