From e262cd38ad282b6f9c5bb467e9d6b62e320394df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Gronowski?=
Date: Tue, 28 Nov 2023 11:50:07 +0100
Subject: [PATCH] c8d/integration-cli: Adjust DockerRegistryAuthTokenSuite
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The auth service error response is not a part of the spec and containerd doesn't parse it like the Docker's distribution does. Check for containerd specific errors instead.

Signed-off-by: Paweł Gronowski
---
 integration-cli/docker_cli_push_test.go | 50 ++++++++++++++++++++-----
 1 file changed, 40 insertions(+), 10 deletions(-)

diff --git a/integration-cli/docker_cli_push_test.go b/integration-cli/docker_cli_push_test.go
index 30559d795a..3a984ebcf2 100644
--- a/integration-cli/docker_cli_push_test.go
+++ b/integration-cli/docker_cli_push_test.go
@@ -16,6 +16,7 @@ import (
 "github.com/docker/docker/integration-cli/cli"
 "github.com/docker/docker/integration-cli/cli/build"
 "gotest.tools/v3/assert"
+ is "gotest.tools/v3/assert/cmp"
 "gotest.tools/v3/icmd"
 )
 
@@ -262,8 +263,16 @@ func (s *DockerRegistryAuthTokenSuite) TestPushTokenServiceUnauthResponse(c *tes
 cli.DockerCmd(c, "tag", "busybox", imgRepo)
 out, _, err := dockerCmdWithError("push", imgRepo)
 assert.ErrorContains(c, err, "", out)
- assert.Assert(c, !strings.Contains(out, "Retrying"))
- assert.Assert(c, strings.Contains(out, "unauthorized: a message"))
+
+ assert.Check(c, !strings.Contains(out, "Retrying"))
+
+ // Auth service errors are not part of the spec and containerd doesn't parse them.
+ if testEnv.UsingSnapshotter() {
+ assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
+ assert.Check(c, is.Contains(out, "401 Unauthorized"))
+ } else {
+ assert.Check(c, is.Contains(out, "unauthorized: a message"))
+ }
 }
 
 func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnauthorized(c *testing.T) {
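Review bot: The containerd branch added in TestPushTokenServiceUnauthResponse is repeated almost verbatim in the next three tests (…ResponseUnauthorized, …ResponseError, …ResponseUnparsable), differing only in the status string. The shared `failed to authorize: failed to fetch anonymous token` expectation therefore has to be kept in sync in four places. A small helper that takes the expected status would hold that text once and make each test's intent (auth failure surfaced, with this status) easier to read; the helper name below is only a suggestion. The test function starts above this hunk.

```go
// assertTokenFetchFailed checks containerd push output for a failed anonymous
// token fetch that reports the given HTTP status.
func assertTokenFetchFailed(c *testing.T, out, status string) {
	c.Helper()
	assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
	assert.Check(c, is.Contains(out, status))
}

// … unchanged: tag, push and the "Retrying" check …
	if testEnv.UsingSnapshotter() {
		assertTokenFetchFailed(c, out, "401 Unauthorized")
	} else {
		assert.Check(c, is.Contains(out, "unauthorized: a message"))
	}
```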
@@ -276,8 +285,15 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
 out, _, err := dockerCmdWithError("push", imgRepo)
 assert.ErrorContains(c, err, "", out)
 assert.Assert(c, !strings.Contains(out, "Retrying"))
- split := strings.Split(out, "\n")
- assert.Equal(c, split[len(split)-2], "unauthorized: authentication required")
+
+ // Auth service errors are not part of the spec and containerd doesn't parse them.
+ if testEnv.UsingSnapshotter() {
+ assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
+ assert.Check(c, is.Contains(out, "401 Unauthorized"))
+ } else {
+ split := strings.Split(out, "\n")
+ assert.Check(c, is.Contains(split[len(split)-2], "unauthorized: authentication required"))
+ }
 }
 
 func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseError(c *testing.T) {
@@ -292,8 +308,15 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
 // TODO: isolate test so that it can be guaranteed that the 503 will trigger xfer retries
 // assert.Assert(c, strings.Contains(out, "Retrying"))
 // assert.Assert(c, !strings.Contains(out, "Retrying in 15"))
- split := strings.Split(out, "\n")
- assert.Equal(c, split[len(split)-2], "toomanyrequests: out of tokens")
+
+ // Auth service errors are not part of the spec and containerd doesn't parse them.
+ if testEnv.UsingSnapshotter() {
+ assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
+ assert.Check(c, is.Contains(out, "503 Service Unavailable"))
+ } else {
+ split := strings.Split(out, "\n")
+ assert.Check(c, is.Equal(split[len(split)-2], "toomanyrequests: out of tokens"))
+ }
 }
 
 func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnparsable(c *testing.T) {
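Review bot: In TestPushMisconfiguredTokenServiceResponseUnauthorized the non-containerd (else) branch now uses `is.Contains`, where the old code required the second-to-last output line to equal `unauthorized: authentication required`. The last hunk (…ResponseNoToken) makes the same switch, while …ResponseError keeps `is.Equal`. The commit message only describes the containerd path, so if the legacy output is unchanged I would keep the exact match: `assert.Check(c, is.Equal(split[len(split)-2], "unauthorized: authentication required"))`. If the substring match is deliberate, presumably because the message can arrive wrapped, a one-line comment saying so would stop a later reader from tightening it again. The test body starts above this hunk.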
@@ -305,9 +328,16 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
 cli.DockerCmd(c, "tag", "busybox", imgRepo)
 out, _, err := dockerCmdWithError("push", imgRepo)
 assert.ErrorContains(c, err, "", out)
- assert.Assert(c, !strings.Contains(out, "Retrying"))
- split := strings.Split(out, "\n")
- assert.Assert(c, strings.Contains(split[len(split)-2], "error parsing HTTP 403 response body: "))
+ assert.Check(c, !strings.Contains(out, "Retrying"))
+
+ // Auth service errors are not part of the spec and containerd doesn't parse them.
+ if testEnv.UsingSnapshotter() {
+ assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
+ assert.Check(c, is.Contains(out, "403 Forbidden"))
+ } else {
+ split := strings.Split(out, "\n")
+ assert.Check(c, is.Contains(split[len(split)-2], "error parsing HTTP 403 response body: "))
+ }
 }
 
 func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseNoToken(c *testing.T) {
@@ -321,5 +351,5 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
 assert.ErrorContains(c, err, "", out)
 assert.Assert(c, !strings.Contains(out, "Retrying"))
 split := strings.Split(out, "\n")
- assert.Equal(c, split[len(split)-2], "authorization server did not include a token in the response")
+ assert.Check(c, is.Contains(split[len(split)-2], "authorization server did not include a token in the response"))
 }