c8d/integration-cli: Adjust DockerRegistryAuthTokenSuite

The auth service error response is not a part of the spec and containerd
doesn't parse it like the Docker's distribution does.

Check for containerd specific errors instead.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This commit is contained in:
Paweł Gronowski 2023-11-28 11:50:07 +01:00
parent f6533a1df1
commit e262cd38ad
No known key found for this signature in database
GPG key ID: B85EFCFE26DEF92A

View file

@ -16,6 +16,7 @@ import (
"github.com/docker/docker/integration-cli/cli" "github.com/docker/docker/integration-cli/cli"
"github.com/docker/docker/integration-cli/cli/build" "github.com/docker/docker/integration-cli/cli/build"
"gotest.tools/v3/assert" "gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
"gotest.tools/v3/icmd" "gotest.tools/v3/icmd"
) )
@ -262,8 +263,16 @@ func (s *DockerRegistryAuthTokenSuite) TestPushTokenServiceUnauthResponse(c *tes
cli.DockerCmd(c, "tag", "busybox", imgRepo) cli.DockerCmd(c, "tag", "busybox", imgRepo)
out, _, err := dockerCmdWithError("push", imgRepo) out, _, err := dockerCmdWithError("push", imgRepo)
assert.ErrorContains(c, err, "", out) assert.ErrorContains(c, err, "", out)
assert.Assert(c, !strings.Contains(out, "Retrying"))
assert.Assert(c, strings.Contains(out, "unauthorized: a message")) assert.Check(c, !strings.Contains(out, "Retrying"))
// Auth service errors are not part of the spec and containerd doesn't parse them.
if testEnv.UsingSnapshotter() {
assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
assert.Check(c, is.Contains(out, "401 Unauthorized"))
} else {
assert.Check(c, is.Contains(out, "unauthorized: a message"))
}
} }
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnauthorized(c *testing.T) { func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnauthorized(c *testing.T) {
@ -276,8 +285,15 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
out, _, err := dockerCmdWithError("push", imgRepo) out, _, err := dockerCmdWithError("push", imgRepo)
assert.ErrorContains(c, err, "", out) assert.ErrorContains(c, err, "", out)
assert.Assert(c, !strings.Contains(out, "Retrying")) assert.Assert(c, !strings.Contains(out, "Retrying"))
split := strings.Split(out, "\n")
assert.Equal(c, split[len(split)-2], "unauthorized: authentication required") // Auth service errors are not part of the spec and containerd doesn't parse them.
if testEnv.UsingSnapshotter() {
assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
assert.Check(c, is.Contains(out, "401 Unauthorized"))
} else {
split := strings.Split(out, "\n")
assert.Check(c, is.Contains(split[len(split)-2], "unauthorized: authentication required"))
}
} }
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseError(c *testing.T) { func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseError(c *testing.T) {
@ -292,8 +308,15 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
// TODO: isolate test so that it can be guaranteed that the 503 will trigger xfer retries // TODO: isolate test so that it can be guaranteed that the 503 will trigger xfer retries
// assert.Assert(c, strings.Contains(out, "Retrying")) // assert.Assert(c, strings.Contains(out, "Retrying"))
// assert.Assert(c, !strings.Contains(out, "Retrying in 15")) // assert.Assert(c, !strings.Contains(out, "Retrying in 15"))
split := strings.Split(out, "\n")
assert.Equal(c, split[len(split)-2], "toomanyrequests: out of tokens") // Auth service errors are not part of the spec and containerd doesn't parse them.
if testEnv.UsingSnapshotter() {
assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
assert.Check(c, is.Contains(out, "503 Service Unavailable"))
} else {
split := strings.Split(out, "\n")
assert.Check(c, is.Equal(split[len(split)-2], "toomanyrequests: out of tokens"))
}
} }
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnparsable(c *testing.T) { func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseUnparsable(c *testing.T) {
@ -305,9 +328,16 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
cli.DockerCmd(c, "tag", "busybox", imgRepo) cli.DockerCmd(c, "tag", "busybox", imgRepo)
out, _, err := dockerCmdWithError("push", imgRepo) out, _, err := dockerCmdWithError("push", imgRepo)
assert.ErrorContains(c, err, "", out) assert.ErrorContains(c, err, "", out)
assert.Assert(c, !strings.Contains(out, "Retrying")) assert.Check(c, !strings.Contains(out, "Retrying"))
split := strings.Split(out, "\n")
assert.Assert(c, strings.Contains(split[len(split)-2], "error parsing HTTP 403 response body: ")) // Auth service errors are not part of the spec and containerd doesn't parse them.
if testEnv.UsingSnapshotter() {
assert.Check(c, is.Contains(out, "failed to authorize: failed to fetch anonymous token"))
assert.Check(c, is.Contains(out, "403 Forbidden"))
} else {
split := strings.Split(out, "\n")
assert.Check(c, is.Contains(split[len(split)-2], "error parsing HTTP 403 response body: "))
}
} }
func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseNoToken(c *testing.T) { func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponseNoToken(c *testing.T) {
@ -321,5 +351,5 @@ func (s *DockerRegistryAuthTokenSuite) TestPushMisconfiguredTokenServiceResponse
assert.ErrorContains(c, err, "", out) assert.ErrorContains(c, err, "", out)
assert.Assert(c, !strings.Contains(out, "Retrying")) assert.Assert(c, !strings.Contains(out, "Retrying"))
split := strings.Split(out, "\n") split := strings.Split(out, "\n")
assert.Equal(c, split[len(split)-2], "authorization server did not include a token in the response") assert.Check(c, is.Contains(split[len(split)-2], "authorization server did not include a token in the response"))
} }