forked from TrueCloudLab/distribution
Add bats script to replace test_docker.sh
Remove Makefile in favor of run.sh script or manual instructions.
Update readme to reflect instructions for running integration tests.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)

Parent: 06de74a4e9
Commit: de638db71e
5 changed files with 132 additions and 137 deletions
|
@ -1,24 +0,0 @@
|
||||||
.PHONY: build test
|
|
||||||
|
|
||||||
build:
|
|
||||||
docker-compose build
|
|
||||||
|
|
||||||
start: build
|
|
||||||
docker-compose up -d
|
|
||||||
|
|
||||||
stop:
|
|
||||||
docker-compose stop
|
|
||||||
|
|
||||||
clean:
|
|
||||||
docker-compose kill
|
|
||||||
docker-compose rm -f
|
|
||||||
|
|
||||||
install:
|
|
||||||
sh ./install_certs.sh localhost
|
|
||||||
sh ./install_certs.sh localregistry
|
|
||||||
|
|
||||||
test:
|
|
||||||
@echo "!!!!Ensure /etc/hosts entry is updated for localregistry and make install has been run"
|
|
||||||
sh ./test_docker.sh localregistry
|
|
||||||
|
|
||||||
all: build
|
|
|
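Review bot: Nothing in the README lines added by this commit replaces the `stop` and `clean` targets deleted here, so a manual run outside of Docker has no documented teardown. Suggest a short clean-up section in the README that carries over `docker-compose kill` and `docker-compose rm -f`, so registries with test credentials are not left listening after a run.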
@ -1,16 +1,31 @@
|
||||||
# Docker Registry Multi-Configuration Testing
|
# Docker Registry Integration Testing
|
||||||
|
|
||||||
This compose configuration is intended to setup a testing environment for Docker
|
These integration tests cover interactions between the Docker daemon and the
|
||||||
|
registry server. All tests are run using the docker cli.
|
||||||
|
|
||||||
|
The compose configuration is intended to setup a testing environment for Docker
|
||||||
using multiple registry configurations. These configurations include different
|
using multiple registry configurations. These configurations include different
|
||||||
combinations of a v1 and v2 registry as well as TLS configurations.
|
combinations of a v1 and v2 registry as well as TLS configurations.
|
||||||
|
|
||||||
### Limitations
|
## Running inside of Docker
|
||||||
|
### Get integration container
|
||||||
|
The container image to run the integation tests will need to be pulled or built
|
||||||
|
locally.
|
||||||
|
|
||||||
Currently this setup is configured to use localhost as the hostname which
|
*Building locally*
|
||||||
limits the ease of testing within Docker since localhost is always treated
|
```
|
||||||
as an insecure registry. To treat localhost as secure the Docker code must
|
docker build -t distribution/docker-integration .
|
||||||
be modified. Without localhost as secure, the test cases will not distinguish
|
```
|
||||||
between a TLS configuration with a CA and self-signed.
|
|
||||||
|
### Run script
|
||||||
|
|
||||||
|
Invoke the tests within Docker through the `run.sh` script.
|
||||||
|
|
||||||
|
```
|
||||||
|
./run.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
## Running manually outside of Docker
|
||||||
|
|
||||||
### Install Docker Compose
|
### Install Docker Compose
|
||||||
|
|
||||||
|
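Review bot: The removed "Limitations" paragraph was the only text explaining why the tests need a non-localhost name: localhost is always treated as an insecure registry, so the tests cannot distinguish a CA-signed TLS configuration from a self-signed one. Suggest keeping one sentence of that rationale under "Running manually outside of Docker", since the /etc/hosts step and the `localregistry` name in tls.bats depend on it. Also, "integation" in the added "Get integration container" paragraph should read "integration".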
@ -26,15 +41,14 @@ between a TLS configuration with a CA and self-signed.
|
||||||
|
|
||||||
$ sudo chmod +x /usr/local/bin/docker-compose
|
$ sudo chmod +x /usr/local/bin/docker-compose
|
||||||
|
|
||||||
## Usage
|
|
||||||
|
|
||||||
### Start compose setup
|
### Start compose setup
|
||||||
```
|
```
|
||||||
docker-compose up
|
docker-compose up
|
||||||
```
|
```
|
||||||
|
|
||||||
### Install Certificates
|
### Install Certificates
|
||||||
The certificates must be installed in /etc/docker/cert.d in order to use TLS client auth and use the CA certificate.
|
The certificates must be installed in /etc/docker/cert.d in order to use TLS
|
||||||
|
client auth and use the CA certificate.
|
||||||
```
|
```
|
||||||
sudo sh ./install_certs.sh
|
sudo sh ./install_certs.sh
|
||||||
```
|
```
|
||||||
|
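Review bot: The "Install Certificates" step still shows `sudo sh ./install_certs.sh` with no hostname argument, while the Makefile deleted in this commit ran it once with `localhost` and once with `localregistry`, and tls.bats sets `hostname="localregistry"`. Suggest documenting the argument here, for example `sudo sh ./install_certs.sh localregistry`, otherwise a manual run may install certificates for a different name than the tests connect to. Separately, the Docker daemon reads per-registry certificates from /etc/docker/certs.d, so the path "/etc/docker/cert.d" in the rewrapped sentence is worth checking against what install_certs.sh actually writes.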
@ -52,6 +66,16 @@ docker push localhost:5441/hello-world
|
||||||
# Perform login using user `testuser` and password `passpassword`
|
# Perform login using user `testuser` and password `passpassword`
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Set /etc/hosts entry
|
||||||
|
Find the non-localhost ip address of local machine
|
||||||
|
|
||||||
|
### Run bats
|
||||||
|
Run the bats tests after updating /etc/hosts, installing the certificates, and
|
||||||
|
running the `docker-compose` script.
|
||||||
|
```
|
||||||
|
bats -p .
|
||||||
|
```
|
||||||
|
|
||||||
## Configurations
|
## Configurations
|
||||||
|
|
||||||
Port | V2 | V1 | TLS | Authentication
|
Port | V2 | V1 | TLS | Authentication
|
||||||
|
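Review bot: The new "Set /etc/hosts entry" section stops after "Find the non-localhost ip address of local machine" and never says which entry to add. Suggest stating that the address must be mapped to `localregistry`, the name tls.bats uses and the one the old Makefile warned about, and showing the resulting hosts line. The "Run bats" paragraph also calls `docker-compose` a script; "running `docker-compose up`" would match the earlier section.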
@ -59,6 +83,7 @@ Port | V2 | V1 | TLS | Authentication
|
||||||
5000 | yes | yes | no | none
|
5000 | yes | yes | no | none
|
||||||
5001 | no | yes | no | none
|
5001 | no | yes | no | none
|
||||||
5002 | yes | no | no | none
|
5002 | yes | no | no | none
|
||||||
|
5011 | no | yes | yes | none
|
||||||
5440 | yes | yes | yes | none
|
5440 | yes | yes | yes | none
|
||||||
5441 | yes | yes | yes | basic (testuser/passpassword)
|
5441 | yes | yes | yes | basic (testuser/passpassword)
|
||||||
5442 | yes | yes | yes | TLS client
|
5442 | yes | yes | yes | TLS client
|
||||||
|
|
|
@ -1,98 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
hostname=$1
|
|
||||||
if [ "$hostname" = "" ]; then
|
|
||||||
hostname="localhost"
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker pull hello-world
|
|
||||||
|
|
||||||
# TLS Configuration chart
|
|
||||||
# Username/Password: testuser/passpassword
|
|
||||||
# | ca | client | basic | notes
|
|
||||||
# 5440 | yes | no | no | Tests CA certificate
|
|
||||||
# 5441 | yes | no | yes | Tests basic auth over TLS
|
|
||||||
# 5442 | yes | yes | no | Tests client auth with client CA
|
|
||||||
# 5443 | yes | yes | no | Tests client auth without client CA
|
|
||||||
# 5444 | yes | yes | yes | Tests using basic auth + tls auth
|
|
||||||
# 5445 | no | no | no | Tests insecure using TLS
|
|
||||||
# 5446 | no | no | yes | Tests sending credentials to server with insecure TLS
|
|
||||||
# 5447 | no | yes | no | Tests client auth to insecure
|
|
||||||
# 5448 | yes | no | no | Bad SSL version
|
|
||||||
docker tag -f hello-world $hostname:5440/hello-world
|
|
||||||
docker push $hostname:5440/hello-world
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Fail to push"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5441
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Failed to login"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
docker tag -f hello-world $hostname:5441/hello-world
|
|
||||||
docker push $hostname:5441/hello-world
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Fail to push"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker tag -f hello-world $hostname:5442/hello-world
|
|
||||||
docker push $hostname:5442/hello-world
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Fail to push"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker tag -f hello-world $hostname:5443/hello-world
|
|
||||||
docker push $hostname:5443/hello-world
|
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
echo "Expected failure"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5444
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Failed to login"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
docker tag -f hello-world $hostname:5444/hello-world
|
|
||||||
docker push $hostname:5444/hello-world
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Fail to push"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker tag -f hello-world $hostname:5445/hello-world
|
|
||||||
docker push $hostname:5445/hello-world
|
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
echo "Expected failure with insecure registry"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5446
|
|
||||||
if [ $? -ne 0 ]; then
|
|
||||||
echo "Failed to login"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
docker tag -f hello-world $hostname:5446/hello-world
|
|
||||||
docker push $hostname:5446/hello-world
|
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
echo "Expected failure with insecure registry"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker tag -f hello-world $hostname:5447/hello-world
|
|
||||||
docker push $hostname:5447/hello-world
|
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
echo "Expected failure with insecure registry"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker tag -f hello-world $hostname:5448/hello-world
|
|
||||||
docker push $hostname:5448/hello-world
|
|
||||||
if [ $? -eq 0 ]; then
|
|
||||||
echo "Expected failure contacting with sslv3"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
|
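Review bot: The "TLS Configuration chart" comment in this deleted script (ports 5440 to 5448 with their ca / client / basic columns and notes) is not carried into tls.bats or into the README lines shown in this commit. Suggest moving the chart to the top of tls.bats so each test's port can still be matched to the CA, client certificate and basic auth combination it is meant to exercise.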
@ -48,7 +48,3 @@ execute docker-compose up -d
|
||||||
# Run the tests.
|
# Run the tests.
|
||||||
execute time bats -p $TESTS
|
execute time bats -p $TESTS
|
||||||
|
|
||||||
|
|
||||||
# Run test script
|
|
||||||
execute sh test_docker.sh localregistry
|
|
||||||
|
|
||||||
|
|
96
contrib/docker-integration/tls.bats
Normal file
|
@ -0,0 +1,96 @@
|
||||||
|
# Registry host name, should be set to non-localhost address and match
|
||||||
|
# DNS name in nginx/ssl certificates and what is installed in /etc/docker/cert.d
|
||||||
|
hostname="localregistry"
|
||||||
|
|
||||||
|
image="hello-world:latest"
|
||||||
|
|
||||||
|
# Login information, should match values in nginx/test.passwd
|
||||||
|
user="testuser"
|
||||||
|
password="passpassword"
|
||||||
|
email="distribution@docker.com"
|
||||||
|
|
||||||
|
function setup() {
|
||||||
|
docker pull $image
|
||||||
|
}
|
||||||
|
|
||||||
|
# has_digest enforces the last output line is "Digest: sha256:..."
|
||||||
|
# the input is the name of the array containing the output lines
|
||||||
|
function has_digest() {
|
||||||
|
name=$1[@]
|
||||||
|
lines=("${!name}")
|
||||||
|
length=${#lines[@]}
|
||||||
|
digest_idx=$((length-1))
|
||||||
|
value=${lines[$digest_idx]}
|
||||||
|
result=$(echo "$value"|cut -d':' -f1,2)
|
||||||
|
[ "$result" = "Digest: sha256" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
function login() {
|
||||||
|
run docker login -u $user -p $password -e $email $1
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
# First line is WARNING about credential save
|
||||||
|
[ "${lines[1]}" = "Login Succeeded" ]
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Test valid certificates" {
|
||||||
|
docker tag -f $image $hostname:5440/$image
|
||||||
|
run docker push $hostname:5440/$image
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
has_digest lines
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Test basic auth" {
|
||||||
|
login $hostname:5441
|
||||||
|
docker tag -f $image $hostname:5441/$image
|
||||||
|
run docker push $hostname:5441/$image
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
has_digest lines
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Test TLS client auth" {
|
||||||
|
docker tag -f $image $hostname:5442/$image
|
||||||
|
run docker push $hostname:5442/$image
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
has_digest lines
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Test TLS client with invalid certificate authority fails" {
|
||||||
|
docker tag -f $image $hostname:5443/$image
|
||||||
|
run docker push $hostname:5443/$image
|
||||||
|
[ "$status" -ne 0 ]
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Test basic auth with TLS client auth" {
|
||||||
|
login $hostname:5444
|
||||||
|
docker tag -f $image $hostname:5444/$image
|
||||||
|
run docker push $hostname:5444/$image
|
||||||
|
[ "$status" -eq 0 ]
|
||||||
|
has_digest lines
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Test unknown certificate authority fails" {
|
||||||
|
docker tag -f $image $hostname:5445/$image
|
||||||
|
run docker push $hostname:5445/$image
|
||||||
|
[ "$status" -ne 0 ]
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Test basic auth with unknown certificate authority fails" {
|
||||||
|
run login $hostname:5446
|
||||||
|
[ "$status" -ne 0 ]
|
||||||
|
docker tag -f $image $hostname:5446/$image
|
||||||
|
run docker push $hostname:5446/$image
|
||||||
|
[ "$status" -ne 0 ]
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Test TLS client auth to server with unknown certificate authority fails" {
|
||||||
|
docker tag -f $image $hostname:5447/$image
|
||||||
|
run docker push $hostname:5447/$image
|
||||||
|
[ "$status" -ne 0 ]
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "Test failure to connect to server fails to fallback to SSLv3" {
|
||||||
|
docker tag -f $image $hostname:5448/$image
|
||||||
|
run docker push $hostname:5448/$image
|
||||||
|
[ "$status" -ne 0 ]
|
||||||
|
}
|
||||||
|
|
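Review bot: The negative tests (ports 5443, 5445, 5446, 5447 and 5448) assert only `[ "$status" -ne 0 ]`, so they pass on any failure, including a missing /etc/hosts entry for `localregistry` or a registry container that is not running, and would not notice if certificate verification itself stopped being enforced in a way that fails differently. Suggest also asserting on `$output` for the expected certificate or handshake error in each of these tests, and adding a precondition that the host is reachable. In "Test basic auth with unknown certificate authority fails", `run login $hostname:5446` wraps a helper that itself calls `run` and asserts on `lines[1]`, so a non-zero status there can come from the helper's output check rather than from `docker login` failing; calling `run docker login ...` directly in that test would make the assertion unambiguous. The expansions `$user`, `$password`, `$email` and `$image` are unquoted throughout and should be quoted.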