distribution/contrib/docker-integration/tls.bats

# Registry host name, should be set to non-localhost address and match
# DNS name in nginx/ssl certificates and what is installed in /etc/docker/cert.d
hostname="localregistry"

image="hello-world:latest"

# Login information, should match values in nginx/test.passwd
user="testuser"
password="passpassword"
email="distribution@docker.com"

function setup() {
	docker pull $image
}

# skip basic auth tests with Docker 1.6, where they don't pass due to
# certificate issues
function basic_auth_version_check() {
	run sh -c 'docker version | fgrep -q "Client version: 1.6."'
	if [ "$status" -eq 0 ]; then
		skip "Basic auth tests don't support 1.6.x"
	fi
}

# has_digest enforces the last output line is "Digest: sha256:..."
# the input is the name of the array containing the output lines
function has_digest() {
	filtered=$(echo "$1" |sed -rn '/[dD]igest\: sha(256|384|512)/ p')
	[ "$filtered" != "" ]
}

function login() {
	run docker login -u $user -p $password -e $email $1
	[ "$status" -eq 0 ]
	# First line is WARNING about credential save
	[ "${lines[1]}" = "Login Succeeded" ]
}

@test "Test valid certificates" {
	docker tag -f $image $hostname:5440/$image
	run docker push $hostname:5440/$image
	[ "$status" -eq 0 ]
	has_digest "$output"
}

@test "Test basic auth" {
	basic_auth_version_check
	login $hostname:5441
	docker tag -f $image $hostname:5441/$image
	run docker push $hostname:5441/$image
	[ "$status" -eq 0 ]
	has_digest "$output"
}

@test "Test TLS client auth" {
	docker tag -f $image $hostname:5442/$image
	run docker push $hostname:5442/$image
	[ "$status" -eq 0 ]
	has_digest "$output"
}

@test "Test TLS client with invalid certificate authority fails" {
	docker tag -f $image $hostname:5443/$image
	run docker push $hostname:5443/$image
	[ "$status" -ne 0 ]
}

@test "Test basic auth with TLS client auth" {
	basic_auth_version_check
	login $hostname:5444
	docker tag -f $image $hostname:5444/$image
	run docker push $hostname:5444/$image
	[ "$status" -eq 0 ]
	has_digest "$output"
}

@test "Test unknown certificate authority fails" {
	docker tag -f $image $hostname:5445/$image
	run docker push $hostname:5445/$image
	[ "$status" -ne 0 ]
}

@test "Test basic auth with unknown certificate authority fails" {
	run login $hostname:5446
	[ "$status" -ne 0 ]
	docker tag -f $image $hostname:5446/$image
	run docker push $hostname:5446/$image
	[ "$status" -ne 0 ]
}

@test "Test TLS client auth to server with unknown certificate authority fails" {
	docker tag -f $image $hostname:5447/$image
	run docker push $hostname:5447/$image
	[ "$status" -ne 0 ]
}

@test "Test failure to connect to server fails to fallback to SSLv3" {
	docker tag -f $image $hostname:5448/$image
	run docker push $hostname:5448/$image
	[ "$status" -ne 0 ]
}
Add bats script to replace test_docker.sh Remove Makefile in favor of run.sh script or manual instructions. Update readme to reflect instructions for running integration tests. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-06-05 20:19:50 +00:00			`# Registry host name, should be set to non-localhost address and match`
			`# DNS name in nginx/ssl certificates and what is installed in /etc/docker/cert.d`
			`hostname="localregistry"`

			`image="hello-world:latest"`

			`# Login information, should match values in nginx/test.passwd`
			`user="testuser"`
			`password="passpassword"`
			`email="distribution@docker.com"`

			`function setup() {`
			`docker pull $image`
			`}`

Run integration tests with multiple Docker engine versions Add a run_multiversion.sh script that downloads a variety of Docker engines and runs the integration tests against each of them. Skip some of the tests when running with Docker 1.6.0. It has a bug that prevents these tests from completing successfully. Fixes #751 Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2015-07-28 01:08:04 +00:00			`# skip basic auth tests with Docker 1.6, where they don't pass due to`
			`# certificate issues`
			`function basic_auth_version_check() {`
Change run_multiversion.sh to get Docker engine versions from dind container This is much better than downloading the builds with curl, because Docker is intelligent about only pulling what it needs. We use tagged versions of dind for the released version, and dind-master for a master build. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2015-07-30 22:38:33 +00:00			`run sh -c 'docker version \| fgrep -q "Client version: 1.6."'`
Run integration tests with multiple Docker engine versions Add a run_multiversion.sh script that downloads a variety of Docker engines and runs the integration tests against each of them. Skip some of the tests when running with Docker 1.6.0. It has a bug that prevents these tests from completing successfully. Fixes #751 Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2015-07-28 01:08:04 +00:00			`if [ "$status" -eq 0 ]; then`
Change run_multiversion.sh to get Docker engine versions from dind container This is much better than downloading the builds with curl, because Docker is intelligent about only pulling what it needs. We use tagged versions of dind for the released version, and dind-master for a master build. Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2015-07-30 22:38:33 +00:00			`skip "Basic auth tests don't support 1.6.x"`
Run integration tests with multiple Docker engine versions Add a run_multiversion.sh script that downloads a variety of Docker engines and runs the integration tests against each of them. Skip some of the tests when running with Docker 1.6.0. It has a bug that prevents these tests from completing successfully. Fixes #751 Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2015-07-28 01:08:04 +00:00			`fi`
			`}`

Add bats script to replace test_docker.sh Remove Makefile in favor of run.sh script or manual instructions. Update readme to reflect instructions for running integration tests. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-06-05 20:19:50 +00:00			`# has_digest enforces the last output line is "Digest: sha256:..."`
			`# the input is the name of the array containing the output lines`
			`function has_digest() {`
Update has digest test in scripts Make has_digest function more robust for testing 1.8 and newer Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-28 01:32:02 +00:00			`filtered=$(echo "$1" \|sed -rn '/[dD]igest\: sha(256\|384\|512)/ p')`
			`[ "$filtered" != "" ]`
Add bats script to replace test_docker.sh Remove Makefile in favor of run.sh script or manual instructions. Update readme to reflect instructions for running integration tests. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-06-05 20:19:50 +00:00			`}`

			`function login() {`
			`run docker login -u $user -p $password -e $email $1`
			`[ "$status" -eq 0 ]`
			`# First line is WARNING about credential save`
			`[ "${lines[1]}" = "Login Succeeded" ]`
			`}`

			`@test "Test valid certificates" {`
			`docker tag -f $image $hostname:5440/$image`
			`run docker push $hostname:5440/$image`
			`[ "$status" -eq 0 ]`
Update has digest test in scripts Make has_digest function more robust for testing 1.8 and newer Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-28 01:32:02 +00:00			`has_digest "$output"`
Add bats script to replace test_docker.sh Remove Makefile in favor of run.sh script or manual instructions. Update readme to reflect instructions for running integration tests. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-06-05 20:19:50 +00:00			`}`

			`@test "Test basic auth" {`
Run integration tests with multiple Docker engine versions Add a run_multiversion.sh script that downloads a variety of Docker engines and runs the integration tests against each of them. Skip some of the tests when running with Docker 1.6.0. It has a bug that prevents these tests from completing successfully. Fixes #751 Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2015-07-28 01:08:04 +00:00			`basic_auth_version_check`
Add bats script to replace test_docker.sh Remove Makefile in favor of run.sh script or manual instructions. Update readme to reflect instructions for running integration tests. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-06-05 20:19:50 +00:00			`login $hostname:5441`
			`docker tag -f $image $hostname:5441/$image`
			`run docker push $hostname:5441/$image`
			`[ "$status" -eq 0 ]`
Update has digest test in scripts Make has_digest function more robust for testing 1.8 and newer Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-28 01:32:02 +00:00			`has_digest "$output"`
Add bats script to replace test_docker.sh Remove Makefile in favor of run.sh script or manual instructions. Update readme to reflect instructions for running integration tests. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-06-05 20:19:50 +00:00			`}`

			`@test "Test TLS client auth" {`
			`docker tag -f $image $hostname:5442/$image`
			`run docker push $hostname:5442/$image`
			`[ "$status" -eq 0 ]`
Update has digest test in scripts Make has_digest function more robust for testing 1.8 and newer Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-28 01:32:02 +00:00			`has_digest "$output"`
Add bats script to replace test_docker.sh Remove Makefile in favor of run.sh script or manual instructions. Update readme to reflect instructions for running integration tests. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-06-05 20:19:50 +00:00			`}`

			`@test "Test TLS client with invalid certificate authority fails" {`
			`docker tag -f $image $hostname:5443/$image`
			`run docker push $hostname:5443/$image`
			`[ "$status" -ne 0 ]`
			`}`

			`@test "Test basic auth with TLS client auth" {`
Run integration tests with multiple Docker engine versions Add a run_multiversion.sh script that downloads a variety of Docker engines and runs the integration tests against each of them. Skip some of the tests when running with Docker 1.6.0. It has a bug that prevents these tests from completing successfully. Fixes #751 Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com> 2015-07-28 01:08:04 +00:00			`basic_auth_version_check`
Add bats script to replace test_docker.sh Remove Makefile in favor of run.sh script or manual instructions. Update readme to reflect instructions for running integration tests. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-06-05 20:19:50 +00:00			`login $hostname:5444`
			`docker tag -f $image $hostname:5444/$image`
			`run docker push $hostname:5444/$image`
			`[ "$status" -eq 0 ]`
Update has digest test in scripts Make has_digest function more robust for testing 1.8 and newer Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-07-28 01:32:02 +00:00			`has_digest "$output"`
Add bats script to replace test_docker.sh Remove Makefile in favor of run.sh script or manual instructions. Update readme to reflect instructions for running integration tests. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan) 2015-06-05 20:19:50 +00:00			`}`

			`@test "Test unknown certificate authority fails" {`
			`docker tag -f $image $hostname:5445/$image`
			`run docker push $hostname:5445/$image`
			`[ "$status" -ne 0 ]`
			`}`

			`@test "Test basic auth with unknown certificate authority fails" {`
			`run login $hostname:5446`
			`[ "$status" -ne 0 ]`
			`docker tag -f $image $hostname:5446/$image`
			`run docker push $hostname:5446/$image`
			`[ "$status" -ne 0 ]`
			`}`

			`@test "Test TLS client auth to server with unknown certificate authority fails" {`
			`docker tag -f $image $hostname:5447/$image`
			`run docker push $hostname:5447/$image`
			`[ "$status" -ne 0 ]`
			`}`

			`@test "Test failure to connect to server fails to fallback to SSLv3" {`
			`docker tag -f $image $hostname:5448/$image`
			`run docker push $hostname:5448/$image`
			`[ "$status" -ne 0 ]`
			`}`