c8d/integration-cli: Adjust DockerRegistryAuthTokenSuite
The auth service error response is not a part of the spec and containerd doesn't parse it like the Docker's distribution does. Check for containerd specific errors instead. Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This commit is contained in:
parent
f6533a1df1
commit
e262cd38ad
1 changed files with 40 additions and 10 deletions
|
@ -16,6 +16,7 @@ import (
|
||||||
"github.com/docker/docker/integration-cli/cli"
|
"github.com/docker/docker/integration-cli/cli"
|
||||||
"github.com/docker/docker/integration-cli/cli/build"
|
"github.com/docker/docker/integration-cli/cli/build"
|
||||||
"gotest.tools/v3/assert"
|
"gotest.tools/v3/assert"
|
||||||
|
is "gotest.tools/v3/assert/cmp"
|
||||||
"gotest.tools/v3/icmd"
|
"gotest.tools/v3/icmd"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -262,8 +263,16 @@ func (s *DockerRegistryAuthTokenSuite) TestPushTokenServiceUnauthResponse(c *tes
|
||||||
cli.DockerCmd(c, "tag", "busybox", imgRepo)
|
cli.DockerCmd(c, "tag", "busybox", imgRepo)
|
||||||
out, _, err := dockerCmdWithError("push", imgRepo)
|
out, _, err := dockerCmdWithError("push", imgRepo)
|
||||||
assert.ErrorContains(c, err, "", out)
|
assert.ErrorContains(c, err, "", out)
|
||||||
assert.Assert(c, !strings.Contains(out, "Retrying"))
|
|
||||||
assert.Assert(c, strings.Contains(out, "unauthorized: a message"))
|
assert.Check(c, !strings.Contains(out, "Retrying"))
|
||||||
|
|
||||||
|
// Auth service errors are not part of the spec and containerd doesn't parse them.
|
||||||
|
if testEnv.UsingSnapshotter() {
|
||||||
|
assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
|
||||||
|
assert.Check(c, is.Contains(out, "401 Unauthorized"))
|
||||||
|
} else {
|
||||||
|
assert.Check(c, is.Contains(out, "unauthorized: a message"))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnauthorized(c *testing.T) {
|
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnauthorized(c *testing.T) {
|
||||||
|
@ -276,8 +285,15 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
|
||||||
out, _, err := dockerCmdWithError("push", imgRepo)
|
out, _, err := dockerCmdWithError("push", imgRepo)
|
||||||
assert.ErrorContains(c, err, "", out)
|
assert.ErrorContains(c, err, "", out)
|
||||||
assert.Assert(c, !strings.Contains(out, "Retrying"))
|
assert.Assert(c, !strings.Contains(out, "Retrying"))
|
||||||
split := strings.Split(out, "\n")
|
|
||||||
assert.Equal(c, split[len(split)-2], "unauthorized: authentication required")
|
// Auth service errors are not part of the spec and containerd doesn't parse them.
|
||||||
|
if testEnv.UsingSnapshotter() {
|
||||||
|
assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
|
||||||
|
assert.Check(c, is.Contains(out, "401 Unauthorized"))
|
||||||
|
} else {
|
||||||
|
split := strings.Split(out, "\n")
|
||||||
|
assert.Check(c, is.Contains(split[len(split)-2], "unauthorized: authentication required"))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseError(c *testing.T) {
|
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseError(c *testing.T) {
|
||||||
|
@ -292,8 +308,15 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
|
||||||
// TODO: isolate test so that it can be guaranteed that the 503 will trigger xfer retries
|
// TODO: isolate test so that it can be guaranteed that the 503 will trigger xfer retries
|
||||||
// assert.Assert(c, strings.Contains(out, "Retrying"))
|
// assert.Assert(c, strings.Contains(out, "Retrying"))
|
||||||
// assert.Assert(c, !strings.Contains(out, "Retrying in 15"))
|
// assert.Assert(c, !strings.Contains(out, "Retrying in 15"))
|
||||||
split := strings.Split(out, "\n")
|
|
||||||
assert.Equal(c, split[len(split)-2], "toomanyrequests: out of tokens")
|
// Auth service errors are not part of the spec and containerd doesn't parse them.
|
||||||
|
if testEnv.UsingSnapshotter() {
|
||||||
|
assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
|
||||||
|
assert.Check(c, is.Contains(out, "503 Service Unavailable"))
|
||||||
|
} else {
|
||||||
|
split := strings.Split(out, "\n")
|
||||||
|
assert.Check(c, is.Equal(split[len(split)-2], "toomanyrequests: out of tokens"))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnparsable(c *testing.T) {
|
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnparsable(c *testing.T) {
|
||||||
|
@ -305,9 +328,16 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
|
||||||
cli.DockerCmd(c, "tag", "busybox", imgRepo)
|
cli.DockerCmd(c, "tag", "busybox", imgRepo)
|
||||||
out, _, err := dockerCmdWithError("push", imgRepo)
|
out, _, err := dockerCmdWithError("push", imgRepo)
|
||||||
assert.ErrorContains(c, err, "", out)
|
assert.ErrorContains(c, err, "", out)
|
||||||
assert.Assert(c, !strings.Contains(out, "Retrying"))
|
assert.Check(c, !strings.Contains(out, "Retrying"))
|
||||||
split := strings.Split(out, "\n")
|
|
||||||
assert.Assert(c, strings.Contains(split[len(split)-2], "error parsing HTTP 403 response body: "))
|
// Auth service errors are not part of the spec and containerd doesn't parse them.
|
||||||
|
if testEnv.UsingSnapshotter() {
|
||||||
|
assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
|
||||||
|
assert.Check(c, is.Contains(out, "403 Forbidden"))
|
||||||
|
} else {
|
||||||
|
split := strings.Split(out, "\n")
|
||||||
|
assert.Check(c, is.Contains(split[len(split)-2], "error parsing HTTP 403 response body: "))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseNoToken(c *testing.T) {
|
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseNoToken(c *testing.T) {
|
||||||
|
@ -321,5 +351,5 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
|
||||||
assert.ErrorContains(c, err, "", out)
|
assert.ErrorContains(c, err, "", out)
|
||||||
assert.Assert(c, !strings.Contains(out, "Retrying"))
|
assert.Assert(c, !strings.Contains(out, "Retrying"))
|
||||||
split := strings.Split(out, "\n")
|
split := strings.Split(out, "\n")
|
||||||
assert.Equal(c, split[len(split)-2], "authorization server did not include a token in the response")
|
assert.Check(c, is.Contains(split[len(split)-2], "authorization server did not include a token in the response"))
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue