Add v1 search with v2 token auth test

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2016-07-13 17:03:14 -07:00 · 2016-07-13 17:03:14 -07:00 · fc07e0380e
parent 022416c502
commit fc07e0380e
7 changed files with 88 additions and 0 deletions
--- a/contrib/docker-integration/docker-compose.yml
+++ b/contrib/docker-integration/docker-compose.yml
@ -18,6 +18,7 @@ nginx:
    - "5557:5557"
    - "5558:5558"
    - "5559:5559"
+    - "5600:5600"
    - "6666:6666"
  links:
    - registryv2:registryv2
@ -25,6 +26,7 @@ nginx:
    - registryv2token:registryv2token
    - tokenserver:tokenserver
    - registryv2tokenoauth:registryv2tokenoauth
+    - registryv2tokenoauthnotls:registryv2tokenoauthnotls
    - tokenserveroauth:tokenserveroauth
 registryv2:
  image: golem-distribution:latest
@ -53,6 +55,13 @@ registryv2tokenoauth:
    - ./tokenserver-oauth/certs/localregistry.cert:/etc/docker/registry/localregistry.cert
    - ./tokenserver-oauth/certs/localregistry.key:/etc/docker/registry/localregistry.key
    - ./tokenserver-oauth/certs/signing.cert:/etc/docker/registry/tokenbundle.pem
+registryv2tokenoauthnotls:
+  image: golem-distribution:latest
+  ports:
+    - "5000"
+  volumes:
+    - ./tokenserver-oauth/registry-config-notls.yml:/etc/docker/registry/config.yml
+    - ./tokenserver-oauth/certs/signing.cert:/etc/docker/registry/tokenbundle.pem
 tokenserveroauth:
  build: "tokenserver-oauth"
  command: "--debug -addr 0.0.0.0:5559 -issuer registry-test -passwd .htpasswd -tlscert tls.cert -tlskey tls.key -key sign.key -realm http://auth.localregistry:5559"
--- a/contrib/docker-integration/install_certs.sh
+++ b/contrib/docker-integration/install_certs.sh
@ -23,6 +23,7 @@ install_test_certs() {
 	# For test remove CA
 	rm $1/${hostname}:5447/ca.crt
 	install_ca $1 5448
+	install_ca $1 5600
 }

 install_ca_file() {
@ -30,6 +31,11 @@ install_ca_file() {
 	cp $1 $2/ca.crt
 }

+append_ca_file() {
+	mkdir -p $2
+	cat $1 >> $2/ca.crt
+}
+
 install_test_certs $installdir

 # Malevolent server
@ -40,4 +46,5 @@ install_ca_file ./tokenserver/certs/ca.pem $installdir/$hostname:5554
 install_ca_file ./tokenserver/certs/ca.pem $installdir/$hostname:5555
 install_ca_file ./tokenserver/certs/ca.pem $installdir/$hostname:5557
 install_ca_file ./tokenserver/certs/ca.pem $installdir/$hostname:5558
+append_ca_file ./tokenserver/certs/ca.pem $installdir/$hostname:5600

--- a/contrib/docker-integration/nginx/Dockerfile
+++ b/contrib/docker-integration/nginx/Dockerfile
@ -7,3 +7,4 @@ COPY registry-noauth.conf /etc/nginx/registry-noauth.conf
 COPY registry-basic.conf /etc/nginx/registry-basic.conf
 COPY test.passwd /etc/nginx/test.passwd
 COPY ssl /etc/nginx/ssl
+COPY v1 /var/www/html/v1
--- a/contrib/docker-integration/nginx/registry.conf
+++ b/contrib/docker-integration/nginx/registry.conf
@ -219,3 +219,42 @@ server {
  include registry-noauth.conf;
 }

+
+# V1 search test
+# Registry configured with token auth and no tls
+# TLS termination done by nginx, search results
+# served by nginx
+
+upstream docker-registry-v2-oauth {
+  server registryv2tokenoauthnotls:5000;
+}
+
+server {
+  listen 5600;
+  server_name localregistry;
+  ssl on;
+  ssl_certificate /etc/nginx/ssl/registry-ca+localregistry-cert.pem;
+  ssl_certificate_key /etc/nginx/ssl/registry-ca+localregistry-key.pem;
+
+  root /var/www/html;
+
+  client_max_body_size 0;
+  chunked_transfer_encoding on;
+  location /v2/ {
+    proxy_buffering off;
+    proxy_pass                          http://docker-registry-v2-oauth;
+    proxy_set_header  Host              $http_host;   # required for docker client's sake
+    proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
+    proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header  X-Forwarded-Proto $scheme;
+    proxy_read_timeout                  900;
+  }
+
+  location /v1/search {
+    if ($http_authorization !~ "Bearer [a-zA-Z0-9\._-]+") {
+	return 401;
+    }
+    try_files /v1/search.json =404;
+    add_header Content-Type application/json;
+  }
+}
--- a/contrib/docker-integration/nginx/v1/search.json
+++ b/contrib/docker-integration/nginx/v1/search.json
@ -0,0 +1 @@
+{"num_pages":1,"num_results":2,"page":1,"page_size": 25,"query":"testsearch","results":[{"description":"","is_automated":false,"is_official":false,"is_trusted":false, "name":"dmcgowan/testsearch-1","star_count":1000},{"description":"Some automated build","is_automated":true,"is_official":false,"is_trusted":false,"name":"dmcgowan/testsearch-2","star_count":10}]}
--- a/contrib/docker-integration/token.bats
+++ b/contrib/docker-integration/token.bats
@ -117,3 +117,19 @@ base="hello-world"
 	run docker_t push $image
 	[ "$status" -ne 0 ]
 }
+
+@test "Test oauth with v1 search" {
+	version_check docker "$GOLEM_DIND_VERSION" "1.12.0"
+
+	run docker_t search localregistry:5600/testsearch
+	[ "$status" -ne 0 ]
+
+	login_oauth localregistry:5600
+
+	run docker_t search localregistry:5600/testsearch
+	echo $output
+	[ "$status" -eq 0 ]
+
+	echo $output | grep "testsearch-1"
+	echo $output | grep "testsearch-2"
+}
--- a/contrib/docker-integration/tokenserver-oauth/registry-config-notls.yml
+++ b/contrib/docker-integration/tokenserver-oauth/registry-config-notls.yml
@ -0,0 +1,15 @@
+version: 0.1
+loglevel: debug
+storage:
+    cache:
+        blobdescriptor: inmemory
+    filesystem:
+        rootdirectory: /tmp/registry-dev
+http:
+    addr: 0.0.0.0:5000
+auth:
+    token:
+        realm: "https://auth.localregistry:5559/token/"
+        issuer: "registry-test"
+        service: "registry-test"
+        rootcertbundle: "/etc/docker/registry/tokenbundle.pem"
				`@ -0,0 +1 @@`
				`{"num_pages":1,"num_results":2,"page":1,"page_size": 25,"query":"testsearch","results":[{"description":"","is_automated":false,"is_official":false,"is_trusted":false, "name":"dmcgowan/testsearch-1","star_count":1000},{"description":"Some automated build","is_automated":true,"is_official":false,"is_trusted":false,"name":"dmcgowan/testsearch-2","star_count":10}]}`