Add bats script to replace test_docker.sh

Remove Makefile in favor of run.sh script or manual instructions.
Update readme to reflect instructions for running integration tests.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This commit is contained in:
Derek McGowan 2015-06-05 13:19:50 -07:00
parent 06de74a4e9
commit de638db71e
5 changed files with 132 additions and 137 deletions

View file

@ -1,24 +0,0 @@
.PHONY: build test
build:
docker-compose build
start: build
docker-compose up -d
stop:
docker-compose stop
clean:
docker-compose kill
docker-compose rm -f
install:
sh ./install_certs.sh localhost
sh ./install_certs.sh localregistry
test:
@echo "!!!!Ensure /etc/hosts entry is updated for localregistry and make install has been run"
sh ./test_docker.sh localregistry
all: build

View file

@ -1,16 +1,31 @@
# Docker Registry Multi-Configuration Testing # Docker Registry Integration Testing
This compose configuration is intended to setup a testing environment for Docker These integration tests cover interactions between the Docker daemon and the
registry server. All tests are run using the docker cli.
The compose configuration is intended to setup a testing environment for Docker
using multiple registry configurations. These configurations include different using multiple registry configurations. These configurations include different
combinations of a v1 and v2 registry as well as TLS configurations. combinations of a v1 and v2 registry as well as TLS configurations.
### Limitations ## Running inside of Docker
### Get integration container
The container image to run the integation tests will need to be pulled or built
locally.
Currently this setup is configured to use localhost as the hostname which *Building locally*
limits the ease of testing within Docker since localhost is always treated ```
as an insecure registry. To treat localhost as secure the Docker code must docker build -t distribution/docker-integration .
be modified. Without localhost as secure, the test cases will not distinguish ```
between a TLS configuration with a CA and self-signed.
### Run script
Invoke the tests within Docker through the `run.sh` script.
```
./run.sh
```
## Running manually outside of Docker
### Install Docker Compose ### Install Docker Compose
@ -26,15 +41,14 @@ between a TLS configuration with a CA and self-signed.
$ sudo chmod +x /usr/local/bin/docker-compose $ sudo chmod +x /usr/local/bin/docker-compose
## Usage
### Start compose setup ### Start compose setup
``` ```
docker-compose up docker-compose up
``` ```
### Install Certificates ### Install Certificates
The certificates must be installed in /etc/docker/cert.d in order to use TLS client auth and use the CA certificate. The certificates must be installed in /etc/docker/cert.d in order to use TLS
client auth and use the CA certificate.
``` ```
sudo sh ./install_certs.sh sudo sh ./install_certs.sh
``` ```
@ -52,6 +66,16 @@ docker push localhost:5441/hello-world
# Perform login using user `testuser` and password `passpassword` # Perform login using user `testuser` and password `passpassword`
``` ```
### Set /etc/hosts entry
Find the non-localhost ip address of local machine
### Run bats
Run the bats tests after updating /etc/hosts, installing the certificates, and
running the `docker-compose` script.
```
bats -p .
```
## Configurations ## Configurations
Port | V2 | V1 | TLS | Authentication Port | V2 | V1 | TLS | Authentication
@ -59,6 +83,7 @@ Port | V2 | V1 | TLS | Authentication
5000 | yes | yes | no | none 5000 | yes | yes | no | none
5001 | no | yes | no | none 5001 | no | yes | no | none
5002 | yes | no | no | none 5002 | yes | no | no | none
5011 | no | yes | yes | none
5440 | yes | yes | yes | none 5440 | yes | yes | yes | none
5441 | yes | yes | yes | basic (testuser/passpassword) 5441 | yes | yes | yes | basic (testuser/passpassword)
5442 | yes | yes | yes | TLS client 5442 | yes | yes | yes | TLS client

View file

@ -1,98 +0,0 @@
#!/bin/sh
hostname=$1
if [ "$hostname" = "" ]; then
hostname="localhost"
fi
docker pull hello-world
# TLS Configuration chart
# Username/Password: testuser/passpassword
# | ca | client | basic | notes
# 5440 | yes | no | no | Tests CA certificate
# 5441 | yes | no | yes | Tests basic auth over TLS
# 5442 | yes | yes | no | Tests client auth with client CA
# 5443 | yes | yes | no | Tests client auth without client CA
# 5444 | yes | yes | yes | Tests using basic auth + tls auth
# 5445 | no | no | no | Tests insecure using TLS
# 5446 | no | no | yes | Tests sending credentials to server with insecure TLS
# 5447 | no | yes | no | Tests client auth to insecure
# 5448 | yes | no | no | Bad SSL version
docker tag -f hello-world $hostname:5440/hello-world
docker push $hostname:5440/hello-world
if [ $? -ne 0 ]; then
echo "Fail to push"
exit 1
fi
docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5441
if [ $? -ne 0 ]; then
echo "Failed to login"
exit 1
fi
docker tag -f hello-world $hostname:5441/hello-world
docker push $hostname:5441/hello-world
if [ $? -ne 0 ]; then
echo "Fail to push"
exit 1
fi
docker tag -f hello-world $hostname:5442/hello-world
docker push $hostname:5442/hello-world
if [ $? -ne 0 ]; then
echo "Fail to push"
exit 1
fi
docker tag -f hello-world $hostname:5443/hello-world
docker push $hostname:5443/hello-world
if [ $? -eq 0 ]; then
echo "Expected failure"
exit 1
fi
docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5444
if [ $? -ne 0 ]; then
echo "Failed to login"
exit 1
fi
docker tag -f hello-world $hostname:5444/hello-world
docker push $hostname:5444/hello-world
if [ $? -ne 0 ]; then
echo "Fail to push"
exit 1
fi
docker tag -f hello-world $hostname:5445/hello-world
docker push $hostname:5445/hello-world
if [ $? -eq 0 ]; then
echo "Expected failure with insecure registry"
exit 1
fi
docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5446
if [ $? -ne 0 ]; then
echo "Failed to login"
exit 1
fi
docker tag -f hello-world $hostname:5446/hello-world
docker push $hostname:5446/hello-world
if [ $? -eq 0 ]; then
echo "Expected failure with insecure registry"
exit 1
fi
docker tag -f hello-world $hostname:5447/hello-world
docker push $hostname:5447/hello-world
if [ $? -eq 0 ]; then
echo "Expected failure with insecure registry"
exit 1
fi
docker tag -f hello-world $hostname:5448/hello-world
docker push $hostname:5448/hello-world
if [ $? -eq 0 ]; then
echo "Expected failure contacting with sslv3"
exit 1
fi

View file

@ -48,7 +48,3 @@ execute docker-compose up -d
# Run the tests. # Run the tests.
execute time bats -p $TESTS execute time bats -p $TESTS
# Run test script
execute sh test_docker.sh localregistry

View file

@ -0,0 +1,96 @@
# Registry host name, should be set to non-localhost address and match
# DNS name in nginx/ssl certificates and what is installed in /etc/docker/cert.d
hostname="localregistry"
image="hello-world:latest"
# Login information, should match values in nginx/test.passwd
user="testuser"
password="passpassword"
email="distribution@docker.com"
function setup() {
docker pull $image
}
# has_digest enforces the last output line is "Digest: sha256:..."
# the input is the name of the array containing the output lines
function has_digest() {
name=$1[@]
lines=("${!name}")
length=${#lines[@]}
digest_idx=$((length-1))
value=${lines[$digest_idx]}
result=$(echo "$value"|cut -d':' -f1,2)
[ "$result" = "Digest: sha256" ]
}
function login() {
run docker login -u $user -p $password -e $email $1
[ "$status" -eq 0 ]
# First line is WARNING about credential save
[ "${lines[1]}" = "Login Succeeded" ]
}
@test "Test valid certificates" {
docker tag -f $image $hostname:5440/$image
run docker push $hostname:5440/$image
[ "$status" -eq 0 ]
has_digest lines
}
@test "Test basic auth" {
login $hostname:5441
docker tag -f $image $hostname:5441/$image
run docker push $hostname:5441/$image
[ "$status" -eq 0 ]
has_digest lines
}
@test "Test TLS client auth" {
docker tag -f $image $hostname:5442/$image
run docker push $hostname:5442/$image
[ "$status" -eq 0 ]
has_digest lines
}
@test "Test TLS client with invalid certificate authority fails" {
docker tag -f $image $hostname:5443/$image
run docker push $hostname:5443/$image
[ "$status" -ne 0 ]
}
@test "Test basic auth with TLS client auth" {
login $hostname:5444
docker tag -f $image $hostname:5444/$image
run docker push $hostname:5444/$image
[ "$status" -eq 0 ]
has_digest lines
}
@test "Test unknown certificate authority fails" {
docker tag -f $image $hostname:5445/$image
run docker push $hostname:5445/$image
[ "$status" -ne 0 ]
}
@test "Test basic auth with unknown certificate authority fails" {
run login $hostname:5446
[ "$status" -ne 0 ]
docker tag -f $image $hostname:5446/$image
run docker push $hostname:5446/$image
[ "$status" -ne 0 ]
}
@test "Test TLS client auth to server with unknown certificate authority fails" {
docker tag -f $image $hostname:5447/$image
run docker push $hostname:5447/$image
[ "$status" -ne 0 ]
}
@test "Test failure to connect to server fails to fallback to SSLv3" {
docker tag -f $image $hostname:5448/$image
run docker push $hostname:5448/$image
[ "$status" -ne 0 ]
}