skopeo/integration/check_test.go

package main

import (
	"fmt"
	"os/exec"
	"testing"

	"github.com/containers/skopeo/version"
	"gopkg.in/check.v1"
)

const (
	privateRegistryURL0 = "127.0.0.1:5000"
	privateRegistryURL1 = "127.0.0.1:5001"
)

func Test(t *testing.T) {
	check.TestingT(t)
}

func init() {
	check.Suite(&SkopeoSuite{})
}

type SkopeoSuite struct {
	regV2         *testRegistryV2
	regV2WithAuth *testRegistryV2
}

func (s *SkopeoSuite) SetUpSuite(c *check.C) {
	_, err := exec.LookPath(skopeoBinary)
	c.Assert(err, check.IsNil)
	s.regV2 = setupRegistryV2At(c, privateRegistryURL0, false, false)
	s.regV2WithAuth = setupRegistryV2At(c, privateRegistryURL1, true, false)
}

func (s *SkopeoSuite) TearDownSuite(c *check.C) {
	if s.regV2 != nil {
		s.regV2.tearDown(c)
	}
	if s.regV2WithAuth != nil {
		// cmd := exec.Command("docker", "logout", s.regV2WithAuth)
		// c.Assert(cmd.Run(), check.IsNil)
		s.regV2WithAuth.tearDown(c)
	}
}

func (s *SkopeoSuite) TestVersion(c *check.C) {
	assertSkopeoSucceeds(c, fmt.Sprintf(".*%s version %s.*", skopeoBinary, version.Version),
		"--version")
}

func (s *SkopeoSuite) TestCanAuthToPrivateRegistryV2WithoutDockerCfg(c *check.C) {
	assertSkopeoFails(c, ".*manifest unknown.*",
		"--tls-verify=false", "inspect", "--creds="+s.regV2WithAuth.username+":"+s.regV2WithAuth.password, fmt.Sprintf("docker://%s/busybox:latest", s.regV2WithAuth.url))
}

func (s *SkopeoSuite) TestNeedAuthToPrivateRegistryV2WithoutDockerCfg(c *check.C) {
	assertSkopeoFails(c, ".*authentication required.*",
		"--tls-verify=false", "inspect", fmt.Sprintf("docker://%s/busybox:latest", s.regV2WithAuth.url))
}

func (s *SkopeoSuite) TestCertDirInsteadOfCertPath(c *check.C) {
	assertSkopeoFails(c, ".*unknown flag: --cert-path.*",
		"--tls-verify=false", "inspect", fmt.Sprintf("docker://%s/busybox:latest", s.regV2WithAuth.url), "--cert-path=/")
	assertSkopeoFails(c, ".*authentication required.*",
		"--tls-verify=false", "inspect", fmt.Sprintf("docker://%s/busybox:latest", s.regV2WithAuth.url), "--cert-dir=/etc/docker/certs.d/")
}

// TODO(runcom): as soon as we can push to registries ensure you can inspect here
// not just get image not found :)
func (s *SkopeoSuite) TestNoNeedAuthToPrivateRegistryV2ImageNotFound(c *check.C) {
	out, err := exec.Command(skopeoBinary, "--tls-verify=false", "inspect", fmt.Sprintf("docker://%s/busybox:latest", s.regV2.url)).CombinedOutput()
	c.Assert(err, check.NotNil, check.Commentf(string(out)))
	c.Assert(string(out), check.Matches, "(?s).*manifest unknown.*")                                 // (?s) : '.' will also match newlines
	c.Assert(string(out), check.Not(check.Matches), "(?s).*unauthorized: authentication required.*") // (?s) : '.' will also match newlines
}

func (s *SkopeoSuite) TestInspectFailsWhenReferenceIsInvalid(c *check.C) {
	assertSkopeoFails(c, `.*Invalid image name.*`, "inspect", "unknown")
}

func (s *SkopeoSuite) TestLoginLogout(c *check.C) {
	assertSkopeoSucceeds(c, "^Login Succeeded!\n$",
		"login", "--tls-verify=false", "--username="+s.regV2WithAuth.username, "--password="+s.regV2WithAuth.password, s.regV2WithAuth.url)
	// test --get-login returns username
	assertSkopeoSucceeds(c, fmt.Sprintf("^%s\n$", s.regV2WithAuth.username),
		"login", "--tls-verify=false", "--get-login", s.regV2WithAuth.url)
	// test logout
	assertSkopeoSucceeds(c, fmt.Sprintf("^Removed login credentials for %s\n$", s.regV2WithAuth.url),
		"logout", s.regV2WithAuth.url)
}

func (s *SkopeoSuite) TestCopyWithLocalAuth(c *check.C) {
	assertSkopeoSucceeds(c, "^Login Succeeded!\n$",
		"login", "--tls-verify=false", "--username="+s.regV2WithAuth.username, "--password="+s.regV2WithAuth.password, s.regV2WithAuth.url)
	// copy to private registry using local authentication
	imageName := fmt.Sprintf("docker://%s/busybox:mine", s.regV2WithAuth.url)
	assertSkopeoSucceeds(c, "", "copy", "--dest-tls-verify=false", testFQIN+":latest", imageName)
	// inspect from private registry
	assertSkopeoSucceeds(c, "", "inspect", "--tls-verify=false", imageName)
	// logout from the registry
	assertSkopeoSucceeds(c, fmt.Sprintf("^Removed login credentials for %s\n$", s.regV2WithAuth.url),
		"logout", s.regV2WithAuth.url)
	// inspect from private registry should fail after logout
	assertSkopeoFails(c, ".*authentication required.*",
		"inspect", "--tls-verify=false", imageName)
}