moby/integration/image/pull_test.go

196 lines
5.9 KiB
Go
Raw Normal View History

Add regression tests for invalid platform status codes Before we handled containerd errors, using an invalid platform produced a 500 status: ```bash curl -v \ -X POST \ --unix-socket /var/run/docker.sock \ "http://localhost:2375/v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest" \ -H "Content-Type: application/json" ``` ``` * Connected to localhost (docker.sock) port 80 (#0) > POST /v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest HTTP/1.1 > Host: localhost:2375 > User-Agent: curl/7.54.0 > Accept: */* > Content-Type: application/json > < HTTP/1.1 500 Internal Server Error < Api-Version: 1.40 < Content-Length: 85 < Content-Type: application/json < Date: Mon, 15 Jul 2019 15:25:44 GMT < Docker-Experimental: true < Ostype: linux < Server: Docker/19.03.0-rc2 (linux) < {"message":"\"foobar\": unknown operating system or architecture: invalid argument"} ``` That problem is now fixed, and the API correctly returns a 4xx status: ```bash curl -v \ -X POST \ --unix-socket /var/run/docker.sock \ "http://localhost:2375/v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest" \ -H "Content-Type: application/json" ``` ``` * Connected to localhost (/var/run/docker.sock) port 80 (#0) > POST /v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest HTTP/1.1 > Host: localhost:2375 > User-Agent: curl/7.52.1 > Accept: */* > Content-Type: application/json > < HTTP/1.1 400 Bad Request < Api-Version: 1.41 < Content-Type: application/json < Docker-Experimental: true < Ostype: linux < Server: Docker/dev (linux) < Date: Mon, 15 Jul 2019 15:13:42 GMT < Content-Length: 85 < {"message":"\"foobar\": unknown operating system or architecture: invalid argument"} * Curl_http_done: called premature == 0 ``` This patch adds tests to validate the behaviour Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-15 16:19:31 +00:00
package image
import (
"context"
"encoding/json"
"fmt"
"io"
"os"
"path"
"strings"
Add regression tests for invalid platform status codes Before we handled containerd errors, using an invalid platform produced a 500 status: ```bash curl -v \ -X POST \ --unix-socket /var/run/docker.sock \ "http://localhost:2375/v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest" \ -H "Content-Type: application/json" ``` ``` * Connected to localhost (docker.sock) port 80 (#0) > POST /v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest HTTP/1.1 > Host: localhost:2375 > User-Agent: curl/7.54.0 > Accept: */* > Content-Type: application/json > < HTTP/1.1 500 Internal Server Error < Api-Version: 1.40 < Content-Length: 85 < Content-Type: application/json < Date: Mon, 15 Jul 2019 15:25:44 GMT < Docker-Experimental: true < Ostype: linux < Server: Docker/19.03.0-rc2 (linux) < {"message":"\"foobar\": unknown operating system or architecture: invalid argument"} ``` That problem is now fixed, and the API correctly returns a 4xx status: ```bash curl -v \ -X POST \ --unix-socket /var/run/docker.sock \ "http://localhost:2375/v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest" \ -H "Content-Type: application/json" ``` ``` * Connected to localhost (/var/run/docker.sock) port 80 (#0) > POST /v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest HTTP/1.1 > Host: localhost:2375 > User-Agent: curl/7.52.1 > Accept: */* > Content-Type: application/json > < HTTP/1.1 400 Bad Request < Api-Version: 1.41 < Content-Type: application/json < Docker-Experimental: true < Ostype: linux < Server: Docker/dev (linux) < Date: Mon, 15 Jul 2019 15:13:42 GMT < Content-Length: 85 < {"message":"\"foobar\": unknown operating system or architecture: invalid argument"} * Curl_http_done: called premature == 0 ``` This patch adds tests to validate the behaviour Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-15 16:19:31 +00:00
"testing"
"github.com/containerd/containerd"
"github.com/containerd/containerd/content"
"github.com/containerd/containerd/content/local"
"github.com/containerd/containerd/images"
"github.com/containerd/containerd/platforms"
Add regression tests for invalid platform status codes Before we handled containerd errors, using an invalid platform produced a 500 status: ```bash curl -v \ -X POST \ --unix-socket /var/run/docker.sock \ "http://localhost:2375/v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest" \ -H "Content-Type: application/json" ``` ``` * Connected to localhost (docker.sock) port 80 (#0) > POST /v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest HTTP/1.1 > Host: localhost:2375 > User-Agent: curl/7.54.0 > Accept: */* > Content-Type: application/json > < HTTP/1.1 500 Internal Server Error < Api-Version: 1.40 < Content-Length: 85 < Content-Type: application/json < Date: Mon, 15 Jul 2019 15:25:44 GMT < Docker-Experimental: true < Ostype: linux < Server: Docker/19.03.0-rc2 (linux) < {"message":"\"foobar\": unknown operating system or architecture: invalid argument"} ``` That problem is now fixed, and the API correctly returns a 4xx status: ```bash curl -v \ -X POST \ --unix-socket /var/run/docker.sock \ "http://localhost:2375/v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest" \ -H "Content-Type: application/json" ``` ``` * Connected to localhost (/var/run/docker.sock) port 80 (#0) > POST /v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest HTTP/1.1 > Host: localhost:2375 > User-Agent: curl/7.52.1 > Accept: */* > Content-Type: application/json > < HTTP/1.1 400 Bad Request < Api-Version: 1.41 < Content-Type: application/json < Docker-Experimental: true < Ostype: linux < Server: Docker/dev (linux) < Date: Mon, 15 Jul 2019 15:13:42 GMT < Content-Length: 85 < {"message":"\"foobar\": unknown operating system or architecture: invalid argument"} * Curl_http_done: called premature == 0 ``` This patch adds tests to validate the behaviour Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-15 16:19:31 +00:00
"github.com/docker/docker/api/types"
"github.com/docker/docker/errdefs"
"github.com/docker/docker/testutil/registry"
"github.com/opencontainers/go-digest"
"github.com/opencontainers/image-spec/specs-go"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
"gotest.tools/v3/skip"
Add regression tests for invalid platform status codes Before we handled containerd errors, using an invalid platform produced a 500 status: ```bash curl -v \ -X POST \ --unix-socket /var/run/docker.sock \ "http://localhost:2375/v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest" \ -H "Content-Type: application/json" ``` ``` * Connected to localhost (docker.sock) port 80 (#0) > POST /v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest HTTP/1.1 > Host: localhost:2375 > User-Agent: curl/7.54.0 > Accept: */* > Content-Type: application/json > < HTTP/1.1 500 Internal Server Error < Api-Version: 1.40 < Content-Length: 85 < Content-Type: application/json < Date: Mon, 15 Jul 2019 15:25:44 GMT < Docker-Experimental: true < Ostype: linux < Server: Docker/19.03.0-rc2 (linux) < {"message":"\"foobar\": unknown operating system or architecture: invalid argument"} ``` That problem is now fixed, and the API correctly returns a 4xx status: ```bash curl -v \ -X POST \ --unix-socket /var/run/docker.sock \ "http://localhost:2375/v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest" \ -H "Content-Type: application/json" ``` ``` * Connected to localhost (/var/run/docker.sock) port 80 (#0) > POST /v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest HTTP/1.1 > Host: localhost:2375 > User-Agent: curl/7.52.1 > Accept: */* > Content-Type: application/json > < HTTP/1.1 400 Bad Request < Api-Version: 1.41 < Content-Type: application/json < Docker-Experimental: true < Ostype: linux < Server: Docker/dev (linux) < Date: Mon, 15 Jul 2019 15:13:42 GMT < Content-Length: 85 < {"message":"\"foobar\": unknown operating system or architecture: invalid argument"} * Curl_http_done: called premature == 0 ``` This patch adds tests to validate the behaviour Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-15 16:19:31 +00:00
)
func TestImagePullPlatformInvalid(t *testing.T) {
ctx := setupTest(t)
Add regression tests for invalid platform status codes Before we handled containerd errors, using an invalid platform produced a 500 status: ```bash curl -v \ -X POST \ --unix-socket /var/run/docker.sock \ "http://localhost:2375/v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest" \ -H "Content-Type: application/json" ``` ``` * Connected to localhost (docker.sock) port 80 (#0) > POST /v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest HTTP/1.1 > Host: localhost:2375 > User-Agent: curl/7.54.0 > Accept: */* > Content-Type: application/json > < HTTP/1.1 500 Internal Server Error < Api-Version: 1.40 < Content-Length: 85 < Content-Type: application/json < Date: Mon, 15 Jul 2019 15:25:44 GMT < Docker-Experimental: true < Ostype: linux < Server: Docker/19.03.0-rc2 (linux) < {"message":"\"foobar\": unknown operating system or architecture: invalid argument"} ``` That problem is now fixed, and the API correctly returns a 4xx status: ```bash curl -v \ -X POST \ --unix-socket /var/run/docker.sock \ "http://localhost:2375/v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest" \ -H "Content-Type: application/json" ``` ``` * Connected to localhost (/var/run/docker.sock) port 80 (#0) > POST /v1.40/images/create?fromImage=hello-world&platform=foobar&tag=latest HTTP/1.1 > Host: localhost:2375 > User-Agent: curl/7.52.1 > Accept: */* > Content-Type: application/json > < HTTP/1.1 400 Bad Request < Api-Version: 1.41 < Content-Type: application/json < Docker-Experimental: true < Ostype: linux < Server: Docker/dev (linux) < Date: Mon, 15 Jul 2019 15:13:42 GMT < Content-Length: 85 < {"message":"\"foobar\": unknown operating system or architecture: invalid argument"} * Curl_http_done: called premature == 0 ``` This patch adds tests to validate the behaviour Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2019-07-15 16:19:31 +00:00
client := testEnv.APIClient()
_, err := client.ImagePull(ctx, "docker.io/library/hello-world:latest", types.ImagePullOptions{Platform: "foobar"})
assert.Assert(t, err != nil)
assert.ErrorContains(t, err, "unknown operating system or architecture")
assert.Assert(t, errdefs.IsInvalidParameter(err))
}
func createTestImage(ctx context.Context, t testing.TB, store content.Store) ocispec.Descriptor {
w, err := store.Writer(ctx, content.WithRef("layer"))
assert.NilError(t, err)
defer w.Close()
// Empty layer with just a root dir
const layer = `./0000775000000000000000000000000014201045023007702 5ustar rootroot`
_, err = w.Write([]byte(layer))
assert.NilError(t, err)
err = w.Commit(ctx, int64(len(layer)), digest.FromBytes([]byte(layer)))
assert.NilError(t, err)
layerDigest := w.Digest()
w.Close()
img := ocispec.Image{
Platform: platforms.DefaultSpec(),
RootFS: ocispec.RootFS{Type: "layers", DiffIDs: []digest.Digest{layerDigest}},
Config: ocispec.ImageConfig{WorkingDir: "/"},
}
imgJSON, err := json.Marshal(img)
assert.NilError(t, err)
w, err = store.Writer(ctx, content.WithRef("config"))
assert.NilError(t, err)
defer w.Close()
_, err = w.Write(imgJSON)
assert.NilError(t, err)
assert.NilError(t, w.Commit(ctx, int64(len(imgJSON)), digest.FromBytes(imgJSON)))
configDigest := w.Digest()
w.Close()
info, err := store.Info(ctx, layerDigest)
assert.NilError(t, err)
manifest := ocispec.Manifest{
Versioned: specs.Versioned{
SchemaVersion: 2,
},
MediaType: images.MediaTypeDockerSchema2Manifest,
Config: ocispec.Descriptor{
MediaType: images.MediaTypeDockerSchema2Config,
Digest: configDigest,
Size: int64(len(imgJSON)),
},
Layers: []ocispec.Descriptor{{
MediaType: images.MediaTypeDockerSchema2Layer,
Digest: layerDigest,
Size: info.Size,
}},
}
manifestJSON, err := json.Marshal(manifest)
assert.NilError(t, err)
w, err = store.Writer(ctx, content.WithRef("manifest"))
assert.NilError(t, err)
defer w.Close()
_, err = w.Write(manifestJSON)
assert.NilError(t, err)
assert.NilError(t, w.Commit(ctx, int64(len(manifestJSON)), digest.FromBytes(manifestJSON)))
manifestDigest := w.Digest()
w.Close()
return ocispec.Descriptor{
MediaType: images.MediaTypeDockerSchema2Manifest,
Digest: manifestDigest,
Size: int64(len(manifestJSON)),
}
}
// Make sure that pulling by an already cached digest but for a different ref (that should not have that digest)
// verifies with the remote that the digest exists in that repo.
func TestImagePullStoredfDigestForOtherRepo(t *testing.T) {
skip.If(t, testEnv.IsRemoteDaemon, "cannot run daemon when remote daemon")
skip.If(t, testEnv.DaemonInfo.OSType == "windows", "We don't run a test registry on Windows")
skip.If(t, testEnv.IsRootless, "Rootless has a different view of localhost (needed for test registry access)")
ctx := setupTest(t)
reg := registry.NewV2(t, registry.WithStdout(os.Stdout), registry.WithStderr(os.Stderr))
defer reg.Close()
reg.WaitReady(t)
// First create an image and upload it to our local registry
// Then we'll download it so that we can make sure the content is available in dockerd's manifest cache.
// Then we'll try to pull the same digest but with a different repo name.
dir := t.TempDir()
store, err := local.NewStore(dir)
assert.NilError(t, err)
desc := createTestImage(ctx, t, store)
remote := path.Join(registry.DefaultURL, "test:latest")
c8dClient, err := containerd.New("", containerd.WithServices(containerd.WithContentStore(store)))
assert.NilError(t, err)
c8dClient.Push(ctx, remote, desc)
assert.NilError(t, err)
client := testEnv.APIClient()
rdr, err := client.ImagePull(ctx, remote, types.ImagePullOptions{})
assert.NilError(t, err)
defer rdr.Close()
io.Copy(io.Discard, rdr)
// Now, pull a totally different repo with a the same digest
rdr, err = client.ImagePull(ctx, path.Join(registry.DefaultURL, "other:image@"+desc.Digest.String()), types.ImagePullOptions{})
if rdr != nil {
rdr.Close()
}
assert.Assert(t, err != nil, "Expected error, got none: %v", err)
assert.Assert(t, errdefs.IsNotFound(err), err)
}
// TestImagePullNonExisting pulls non-existing images from the central registry, with different
// combinations of implicit tag and library prefix.
func TestImagePullNonExisting(t *testing.T) {
ctx := setupTest(t)
for _, ref := range []string{
"asdfasdf:foobar",
"library/asdfasdf:foobar",
"asdfasdf",
"asdfasdf:latest",
"library/asdfasdf",
"library/asdfasdf:latest",
} {
ref := ref
all := strings.Contains(ref, ":")
t.Run(ref, func(t *testing.T) {
t.Parallel()
client := testEnv.APIClient()
rdr, err := client.ImagePull(ctx, ref, types.ImagePullOptions{
All: all,
})
if err == nil {
rdr.Close()
}
expectedMsg := fmt.Sprintf("pull access denied for %s, repository does not exist or may require 'docker login'", "asdfasdf")
assert.Assert(t, is.ErrorContains(err, expectedMsg))
assert.Check(t, is.ErrorType(err, errdefs.IsNotFound))
if all {
// pull -a on a nonexistent registry should fall back as well
assert.Check(t, !strings.Contains(err.Error(), "unauthorized"), `message should not contain "unauthorized"`)
}
})
}
}