Add bats script to replace test_docker.sh

Remove Makefile in favor of run.sh script or manual instructions. Update readme to reflect instructions for running integration tests. Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-06-05 13:19:50 -07:00 · 2015-06-05 13:19:50 -07:00 · de638db71e
commit de638db71e
parent 06de74a4e9
5 changed files with 132 additions and 137 deletions
--- a/contrib/docker-integration/Makefile
+++ b/contrib/docker-integration/Makefile
@ -1,24 +0,0 @@
-.PHONY: build test
-
-build:
-	docker-compose build
-
-start: build
-	docker-compose up -d
-
-stop:
-	docker-compose stop
-
-clean:
-	docker-compose kill
-	docker-compose rm -f
-
-install:
-	sh ./install_certs.sh localhost
-	sh ./install_certs.sh localregistry
-
-test: 
-	@echo "!!!!Ensure /etc/hosts entry is updated for localregistry and make install has been run"
-	sh ./test_docker.sh localregistry
-
-all: build
--- a/contrib/docker-integration/README.md
+++ b/contrib/docker-integration/README.md
@ -1,16 +1,31 @@
-# Docker Registry Multi-Configuration Testing
+# Docker Registry Integration Testing

-This compose configuration is intended to setup a testing environment for Docker
+These integration tests cover interactions between the Docker daemon and the
+registry server. All tests are run using the docker cli.
+
+The compose configuration is intended to setup a testing environment for Docker
 using multiple registry configurations. These configurations include different
 combinations of a v1 and v2 registry as well as TLS configurations.

-### Limitations
+## Running inside of Docker
+### Get integration container
+The container image to run the integation tests will need to be pulled or built
+locally.

-Currently this setup is configured to use localhost as the hostname which
-limits the ease of testing within Docker since localhost is always treated
-as an insecure registry. To treat localhost as secure the Docker code must
-be modified. Without localhost as secure, the test cases will not distinguish
-between a TLS configuration with a CA and self-signed.
+*Building locally*
+```
+docker build -t distribution/docker-integration .
+```
+
+### Run script
+
+Invoke the tests within Docker through the `run.sh` script.
+
+```
+./run.sh
+```
+
+## Running manually outside of Docker

 ### Install Docker Compose

@ -26,15 +41,14 @@ between a TLS configuration with a CA and self-signed.

 		$  sudo chmod +x /usr/local/bin/docker-compose

-## Usage
-
 ### Start compose setup
 ```
 docker-compose up
 ```

 ### Install Certificates
-The certificates must be installed in /etc/docker/cert.d in order to use TLS client auth and use the CA certificate.
+The certificates must be installed in /etc/docker/cert.d in order to use TLS
+client auth and use the CA certificate.
 ```
 sudo sh ./install_certs.sh
 ```
@ -52,6 +66,16 @@ docker push localhost:5441/hello-world
 # Perform login using user `testuser` and password `passpassword`
 ```

+### Set /etc/hosts entry
+Find the non-localhost ip address of local machine
+
+### Run bats
+Run the bats tests after updating /etc/hosts, installing the certificates, and
+running the `docker-compose` script.
+```
+bats -p .
+```
+
 ## Configurations

 Port | V2 | V1 | TLS | Authentication
@ -59,6 +83,7 @@ Port | V2 | V1 | TLS | Authentication
 5000 | yes | yes | no | none
 5001 | no | yes | no | none
 5002 | yes | no | no | none
+5011 | no | yes | yes | none
 5440 | yes | yes | yes | none
 5441 | yes | yes | yes | basic (testuser/passpassword)
 5442 | yes | yes | yes | TLS client
--- a/contrib/docker-integration/test_docker.sh
+++ b/contrib/docker-integration/test_docker.sh
@ -1,98 +0,0 @@
-#!/bin/sh
-
-hostname=$1
-if [ "$hostname" = "" ]; then
-	hostname="localhost"
-fi
-
-docker pull hello-world
-
-# TLS Configuration chart
-# Username/Password: testuser/passpassword
-#      | ca  | client | basic | notes
-# 5440 | yes | no     | no    | Tests CA certificate
-# 5441 | yes | no     | yes   | Tests basic auth over TLS
-# 5442 | yes | yes    | no    | Tests client auth with client CA
-# 5443 | yes | yes    | no    | Tests client auth without client CA
-# 5444 | yes | yes    | yes   | Tests using basic auth + tls auth
-# 5445 | no  | no     | no    | Tests insecure using TLS
-# 5446 | no  | no     | yes   | Tests sending credentials to server with insecure TLS
-# 5447 | no  | yes    | no    | Tests client auth to insecure
-# 5448 | yes | no     | no    | Bad SSL version
-docker tag -f hello-world $hostname:5440/hello-world
-docker push $hostname:5440/hello-world
-if [ $? -ne 0 ]; then
-	echo "Fail to push"
-	exit 1
-fi
-
-docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5441
-if [ $? -ne 0 ]; then
-	echo "Failed to login"
-	exit 1
-fi
-docker tag -f hello-world $hostname:5441/hello-world
-docker push $hostname:5441/hello-world
-if [ $? -ne 0 ]; then
-	echo "Fail to push"
-	exit 1
-fi
-
-docker tag -f hello-world $hostname:5442/hello-world
-docker push $hostname:5442/hello-world
-if [ $? -ne 0 ]; then
-	echo "Fail to push"
-	exit 1
-fi
-
-docker tag -f hello-world $hostname:5443/hello-world
-docker push $hostname:5443/hello-world
-if [ $? -eq 0 ]; then
-	echo "Expected failure"
-	exit 1
-fi
-
-docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5444
-if [ $? -ne 0 ]; then
-	echo "Failed to login"
-	exit 1
-fi
-docker tag -f hello-world $hostname:5444/hello-world
-docker push $hostname:5444/hello-world
-if [ $? -ne 0 ]; then
-	echo "Fail to push"
-	exit 1
-fi
-
-docker tag -f hello-world $hostname:5445/hello-world
-docker push $hostname:5445/hello-world
-if [ $? -eq 0 ]; then
-	echo "Expected failure with insecure registry"
-	exit 1
-fi
-
-docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5446
-if [ $? -ne 0 ]; then
-	echo "Failed to login"
-	exit 1
-fi
-docker tag -f hello-world $hostname:5446/hello-world
-docker push $hostname:5446/hello-world
-if [ $? -eq 0 ]; then
-	echo "Expected failure with insecure registry"
-	exit 1
-fi
-
-docker tag -f hello-world $hostname:5447/hello-world
-docker push $hostname:5447/hello-world
-if [ $? -eq 0 ]; then
-	echo "Expected failure with insecure registry"
-	exit 1
-fi
-
-docker tag -f hello-world $hostname:5448/hello-world
-docker push $hostname:5448/hello-world
-if [ $? -eq 0 ]; then
-	echo "Expected failure contacting with sslv3"
-	exit 1
-fi
--- a/contrib/docker-integration/test_runner.sh
+++ b/contrib/docker-integration/test_runner.sh
@ -48,7 +48,3 @@ execute docker-compose up -d
 # Run the tests.
 execute time bats -p $TESTS

-
-# Run test script
-execute sh test_docker.sh localregistry
-
--- a/contrib/docker-integration/tls.bats
+++ b/contrib/docker-integration/tls.bats
@ -0,0 +1,96 @@
+# Registry host name, should be set to non-localhost address and match
+# DNS name in nginx/ssl certificates and what is installed in /etc/docker/cert.d
+hostname="localregistry"
+
+image="hello-world:latest"
+
+# Login information, should match values in nginx/test.passwd
+user="testuser"
+password="passpassword"
+email="distribution@docker.com"
+
+function setup() {
+	docker pull $image
+}
+
+# has_digest enforces the last output line is "Digest: sha256:..."
+# the input is the name of the array containing the output lines
+function has_digest() {
+	name=$1[@]
+	lines=("${!name}")
+	length=${#lines[@]}
+	digest_idx=$((length-1))
+	value=${lines[$digest_idx]}
+	result=$(echo "$value"|cut -d':' -f1,2)
+	[ "$result" = "Digest: sha256" ]
+}
+
+function login() {
+	run docker login -u $user -p $password -e $email $1
+	[ "$status" -eq 0 ]
+	# First line is WARNING about credential save
+	[ "${lines[1]}" = "Login Succeeded" ]
+}
+
+@test "Test valid certificates" {
+	docker tag -f $image $hostname:5440/$image
+	run docker push $hostname:5440/$image
+	[ "$status" -eq 0 ]
+	has_digest lines
+}
+
+@test "Test basic auth" {
+	login $hostname:5441
+	docker tag -f $image $hostname:5441/$image
+	run docker push $hostname:5441/$image
+	[ "$status" -eq 0 ]
+	has_digest lines
+}
+
+@test "Test TLS client auth" {
+	docker tag -f $image $hostname:5442/$image
+	run docker push $hostname:5442/$image
+	[ "$status" -eq 0 ]
+	has_digest lines
+}
+
+@test "Test TLS client with invalid certificate authority fails" {
+	docker tag -f $image $hostname:5443/$image
+	run docker push $hostname:5443/$image
+	[ "$status" -ne 0 ]
+}
+
+@test "Test basic auth with TLS client auth" {
+	login $hostname:5444
+	docker tag -f $image $hostname:5444/$image
+	run docker push $hostname:5444/$image
+	[ "$status" -eq 0 ]
+	has_digest lines
+}
+
+@test "Test unknown certificate authority fails" {
+	docker tag -f $image $hostname:5445/$image
+	run docker push $hostname:5445/$image
+	[ "$status" -ne 0 ]
+}
+
+@test "Test basic auth with unknown certificate authority fails" {
+	run login $hostname:5446
+	[ "$status" -ne 0 ]
+	docker tag -f $image $hostname:5446/$image
+	run docker push $hostname:5446/$image
+	[ "$status" -ne 0 ]
+}
+
+@test "Test TLS client auth to server with unknown certificate authority fails" {
+	docker tag -f $image $hostname:5447/$image
+	run docker push $hostname:5447/$image
+	[ "$status" -ne 0 ]
+}
+
+@test "Test failure to connect to server fails to fallback to SSLv3" {
+	docker tag -f $image $hostname:5448/$image
+	run docker push $hostname:5448/$image
+	[ "$status" -ne 0 ]
+}
+