0f7c9cd27e
Both of these were deprecated in 55f675811a
,
but the format of the GoDoc comments didn't follow the correct format, which
caused them not being picked up by tools as "deprecated".
This patch updates uses in the codebase to use the alternatives.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
239 lines
6.3 KiB
Go
239 lines
6.3 KiB
Go
package registry // import "github.com/docker/docker/testutil/registry"
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"os"
|
|
"os/exec"
|
|
"path/filepath"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/opencontainers/go-digest"
|
|
"gotest.tools/v3/assert"
|
|
)
|
|
|
|
const (
|
|
// V2binary is the name of the registry v2 binary
|
|
V2binary = "registry-v2"
|
|
// V2binarySchema1 is the name of the registry that serve schema1
|
|
V2binarySchema1 = "registry-v2-schema1"
|
|
// DefaultURL is the default url that will be used by the registry (if not specified otherwise)
|
|
DefaultURL = "127.0.0.1:5000"
|
|
)
|
|
|
|
// V2 represent a registry version 2
|
|
type V2 struct {
|
|
cmd *exec.Cmd
|
|
registryURL string
|
|
dir string
|
|
auth string
|
|
username string
|
|
password string
|
|
email string
|
|
}
|
|
|
|
// Config contains the test registry configuration
|
|
type Config struct {
|
|
schema1 bool
|
|
auth string
|
|
tokenURL string
|
|
registryURL string
|
|
stdout io.Writer
|
|
stderr io.Writer
|
|
}
|
|
|
|
// NewV2 creates a v2 registry server
|
|
func NewV2(t testing.TB, ops ...func(*Config)) *V2 {
|
|
t.Helper()
|
|
c := &Config{
|
|
registryURL: DefaultURL,
|
|
}
|
|
for _, op := range ops {
|
|
op(c)
|
|
}
|
|
tmp, err := os.MkdirTemp("", "registry-test-")
|
|
assert.NilError(t, err)
|
|
template := `version: 0.1
|
|
loglevel: debug
|
|
storage:
|
|
filesystem:
|
|
rootdirectory: %s
|
|
http:
|
|
addr: %s
|
|
%s`
|
|
var (
|
|
authTemplate string
|
|
username string
|
|
password string
|
|
email string
|
|
)
|
|
switch c.auth {
|
|
case "htpasswd":
|
|
htpasswdPath := filepath.Join(tmp, "htpasswd")
|
|
// generated with: htpasswd -Bbn testuser testpassword
|
|
// #nosec G101
|
|
userpasswd := "testuser:$2y$05$sBsSqk0OpSD1uTZkHXc4FeJ0Z70wLQdAX/82UiHuQOKbNbBrzs63m"
|
|
username = "testuser"
|
|
password = "testpassword"
|
|
email = "test@test.org"
|
|
err := os.WriteFile(htpasswdPath, []byte(userpasswd), os.FileMode(0644))
|
|
assert.NilError(t, err)
|
|
authTemplate = fmt.Sprintf(`auth:
|
|
htpasswd:
|
|
realm: basic-realm
|
|
path: %s
|
|
`, htpasswdPath)
|
|
case "token":
|
|
authTemplate = fmt.Sprintf(`auth:
|
|
token:
|
|
realm: %s
|
|
service: "registry"
|
|
issuer: "auth-registry"
|
|
rootcertbundle: "fixtures/registry/cert.pem"
|
|
`, c.tokenURL)
|
|
}
|
|
|
|
confPath := filepath.Join(tmp, "config.yaml")
|
|
config, err := os.Create(confPath)
|
|
assert.NilError(t, err)
|
|
defer config.Close()
|
|
|
|
if _, err := fmt.Fprintf(config, template, tmp, c.registryURL, authTemplate); err != nil {
|
|
// FIXME(vdemeester) use a defer/clean func
|
|
os.RemoveAll(tmp)
|
|
t.Fatal(err)
|
|
}
|
|
|
|
binary := V2binary
|
|
if c.schema1 {
|
|
binary = V2binarySchema1
|
|
}
|
|
cmd := exec.Command(binary, confPath)
|
|
cmd.Stdout = c.stdout
|
|
cmd.Stderr = c.stderr
|
|
if err := cmd.Start(); err != nil {
|
|
// FIXME(vdemeester) use a defer/clean func
|
|
os.RemoveAll(tmp)
|
|
t.Fatal(err)
|
|
}
|
|
return &V2{
|
|
cmd: cmd,
|
|
dir: tmp,
|
|
auth: c.auth,
|
|
username: username,
|
|
password: password,
|
|
email: email,
|
|
registryURL: c.registryURL,
|
|
}
|
|
}
|
|
|
|
// WaitReady waits for the registry to be ready to serve requests (or fail after a while)
|
|
func (r *V2) WaitReady(t testing.TB) {
|
|
t.Helper()
|
|
var err error
|
|
for i := 0; i != 50; i++ {
|
|
if err = r.Ping(); err == nil {
|
|
return
|
|
}
|
|
time.Sleep(100 * time.Millisecond)
|
|
}
|
|
t.Fatalf("timeout waiting for test registry to become available: %v", err)
|
|
}
|
|
|
|
// Ping sends an http request to the current registry, and fail if it doesn't respond correctly
|
|
func (r *V2) Ping() error {
|
|
// We always ping through HTTP for our test registry.
|
|
resp, err := http.Get(fmt.Sprintf("http://%s/v2/", r.registryURL))
|
|
if err != nil {
|
|
return err
|
|
}
|
|
resp.Body.Close()
|
|
|
|
fail := resp.StatusCode != http.StatusOK
|
|
if r.auth != "" {
|
|
// unauthorized is a _good_ status when pinging v2/ and it needs auth
|
|
fail = fail && resp.StatusCode != http.StatusUnauthorized
|
|
}
|
|
if fail {
|
|
return fmt.Errorf("registry ping replied with an unexpected status code %d", resp.StatusCode)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Close kills the registry server
|
|
func (r *V2) Close() {
|
|
r.cmd.Process.Kill()
|
|
r.cmd.Process.Wait()
|
|
os.RemoveAll(r.dir)
|
|
}
|
|
|
|
func (r *V2) getBlobFilename(blobDigest digest.Digest) string {
|
|
// Split the digest into its algorithm and hex components.
|
|
dgstAlg, dgstHex := blobDigest.Algorithm(), blobDigest.Encoded()
|
|
|
|
// The path to the target blob data looks something like:
|
|
// baseDir + "docker/registry/v2/blobs/sha256/a3/a3ed...46d4/data"
|
|
return fmt.Sprintf("%s/docker/registry/v2/blobs/%s/%s/%s/data", r.dir, dgstAlg, dgstHex[:2], dgstHex)
|
|
}
|
|
|
|
// ReadBlobContents read the file corresponding to the specified digest
|
|
func (r *V2) ReadBlobContents(t testing.TB, blobDigest digest.Digest) []byte {
|
|
t.Helper()
|
|
// Load the target manifest blob.
|
|
manifestBlob, err := os.ReadFile(r.getBlobFilename(blobDigest))
|
|
assert.NilError(t, err, "unable to read blob")
|
|
return manifestBlob
|
|
}
|
|
|
|
// WriteBlobContents write the file corresponding to the specified digest with the given content
|
|
func (r *V2) WriteBlobContents(t testing.TB, blobDigest digest.Digest, data []byte) {
|
|
t.Helper()
|
|
err := os.WriteFile(r.getBlobFilename(blobDigest), data, os.FileMode(0644))
|
|
assert.NilError(t, err, "unable to write malicious data blob")
|
|
}
|
|
|
|
// TempMoveBlobData moves the existing data file aside, so that we can replace it with a
|
|
// malicious blob of data for example.
|
|
func (r *V2) TempMoveBlobData(t testing.TB, blobDigest digest.Digest) (undo func()) {
|
|
t.Helper()
|
|
tempFile, err := os.CreateTemp("", "registry-temp-blob-")
|
|
assert.NilError(t, err, "unable to get temporary blob file")
|
|
tempFile.Close()
|
|
|
|
blobFilename := r.getBlobFilename(blobDigest)
|
|
|
|
// Move the existing data file aside, so that we can replace it with a
|
|
// another blob of data.
|
|
if err := os.Rename(blobFilename, tempFile.Name()); err != nil {
|
|
// FIXME(vdemeester) use a defer/clean func
|
|
os.Remove(tempFile.Name())
|
|
t.Fatalf("unable to move data blob: %s", err)
|
|
}
|
|
|
|
return func() {
|
|
os.Rename(tempFile.Name(), blobFilename)
|
|
os.Remove(tempFile.Name())
|
|
}
|
|
}
|
|
|
|
// Username returns the configured user name of the server
|
|
func (r *V2) Username() string {
|
|
return r.username
|
|
}
|
|
|
|
// Password returns the configured password of the server
|
|
func (r *V2) Password() string {
|
|
return r.password
|
|
}
|
|
|
|
// Email returns the configured email of the server
|
|
func (r *V2) Email() string {
|
|
return r.email
|
|
}
|
|
|
|
// Path returns the path where the registry write data
|
|
func (r *V2) Path() string {
|
|
return filepath.Join(r.dir, "docker", "registry", "v2")
|
|
}
|