forked from TrueCloudLab/distribution
Add bats script to replace test_docker.sh
Remove Makefile in favor of run.sh script or manual instructions.
Update readme to reflect instructions for running integration tests.

Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This commit is contained in:
parent
06de74a4e9
commit
de638db71e
5 changed files with 132 additions and 137 deletions
|
@ -1,24 +0,0 @@
|
|||
.PHONY: build test
|
||||
|
||||
build:
|
||||
docker-compose build
|
||||
|
||||
start: build
|
||||
docker-compose up -d
|
||||
|
||||
stop:
|
||||
docker-compose stop
|
||||
|
||||
clean:
|
||||
docker-compose kill
|
||||
docker-compose rm -f
|
||||
|
||||
install:
|
||||
sh ./install_certs.sh localhost
|
||||
sh ./install_certs.sh localregistry
|
||||
|
||||
test:
|
||||
@echo "!!!!Ensure /etc/hosts entry is updated for localregistry and make install has been run"
|
||||
sh ./test_docker.sh localregistry
|
||||
|
||||
all: build
|
|
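Review bot: Deleting the `install` target removes the only visible place where `install_certs.sh` is called with a hostname (`sh ./install_certs.sh localhost` and `sh ./install_certs.sh localregistry`). The README's Install Certificates step runs `sudo sh ./install_certs.sh` with no argument, and tls.bats pushes to `localregistry`, so it is not clear from the docs which name the certificates get installed for on a manual run. Suggest documenting the hostname argument in the README, or making the script default to the name the tests use.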
@ -1,16 +1,31 @@
|
|||
# Docker Registry Multi-Configuration Testing
|
||||
# Docker Registry Integration Testing
|
||||
|
||||
This compose configuration is intended to setup a testing environment for Docker
|
||||
These integration tests cover interactions between the Docker daemon and the
|
||||
registry server. All tests are run using the docker cli.
|
||||
|
||||
The compose configuration is intended to setup a testing environment for Docker
|
||||
using multiple registry configurations. These configurations include different
|
||||
combinations of a v1 and v2 registry as well as TLS configurations.
|
||||
|
||||
### Limitations
|
||||
## Running inside of Docker
|
||||
### Get integration container
|
||||
The container image to run the integation tests will need to be pulled or built
|
||||
locally.
|
||||
|
||||
Currently this setup is configured to use localhost as the hostname which
|
||||
limits the ease of testing within Docker since localhost is always treated
|
||||
as an insecure registry. To treat localhost as secure the Docker code must
|
||||
be modified. Without localhost as secure, the test cases will not distinguish
|
||||
between a TLS configuration with a CA and self-signed.
|
||||
*Building locally*
|
||||
```
|
||||
docker build -t distribution/docker-integration .
|
||||
```
|
||||
|
||||
### Run script
|
||||
|
||||
Invoke the tests within Docker through the `run.sh` script.
|
||||
|
||||
```
|
||||
./run.sh
|
||||
```
|
||||
|
||||
## Running manually outside of Docker
|
||||
|
||||
### Install Docker Compose
|
||||
|
||||
|
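Review bot: The Limitations paragraph explaining that Docker always treats localhost as an insecure registry is dropped here without a replacement, yet that is the reason the new tests need a non-localhost name to tell a CA-signed certificate from a self-signed one. Suggest keeping one sentence of that rationale next to the /etc/hosts instructions so readers do not point the tests back at localhost and get negative TLS tests that no longer check anything. Also, "integation" in "The container image to run the integation tests" should be "integration", and the section says the image can be "pulled or built" but only shows the build command.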
@ -26,15 +41,14 @@ between a TLS configuration with a CA and self-signed.
|
|||
|
||||
$ sudo chmod +x /usr/local/bin/docker-compose
|
||||
|
||||
## Usage
|
||||
|
||||
### Start compose setup
|
||||
```
|
||||
docker-compose up
|
||||
```
|
||||
|
||||
### Install Certificates
|
||||
The certificates must be installed in /etc/docker/cert.d in order to use TLS client auth and use the CA certificate.
|
||||
The certificates must be installed in /etc/docker/cert.d in order to use TLS
|
||||
client auth and use the CA certificate.
|
||||
```
|
||||
sudo sh ./install_certs.sh
|
||||
```
|
||||
|
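Review bot: The rewrapped sentence under Install Certificates still says `/etc/docker/cert.d`, but the directory the Docker daemon reads per-registry CA and client certificates from is `/etc/docker/certs.d`. Since this line is being touched anyway, fix the path here, and in the matching comment at the top of tls.bats, so that someone installing the certificates by hand does not end up with a daemon that silently ignores them.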
@ -52,6 +66,16 @@ docker push localhost:5441/hello-world
|
|||
# Perform login using user `testuser` and password `passpassword`
|
||||
```
|
||||
|
||||
### Set /etc/hosts entry
|
||||
Find the non-localhost ip address of local machine
|
||||
|
||||
### Run bats
|
||||
Run the bats tests after updating /etc/hosts, installing the certificates, and
|
||||
running the `docker-compose` script.
|
||||
```
|
||||
bats -p .
|
||||
```
|
||||
|
||||
## Configurations
|
||||
|
||||
Port | V2 | V1 | TLS | Authentication
|
||||
|
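Review bot: The new "Set /etc/hosts entry" section stops at "Find the non-localhost ip address of local machine" and never says what entry to add. tls.bats uses `hostname="localregistry"`, so the README should state that this name must map to that address, ideally with an example line. In "Run bats", "running the `docker-compose` script" would be clearer as the actual command from the earlier section, `docker-compose up`.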
@ -59,6 +83,7 @@ Port | V2 | V1 | TLS | Authentication
|
|||
5000 | yes | yes | no | none
|
||||
5001 | no | yes | no | none
|
||||
5002 | yes | no | no | none
|
||||
5011 | no | yes | yes | none
|
||||
5440 | yes | yes | yes | none
|
||||
5441 | yes | yes | yes | basic (testuser/passpassword)
|
||||
5442 | yes | yes | yes | TLS client
|
||||
|
|
|
@ -1,98 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
hostname=$1
|
||||
if [ "$hostname" = "" ]; then
|
||||
hostname="localhost"
|
||||
fi
|
||||
|
||||
docker pull hello-world
|
||||
|
||||
# TLS Configuration chart
|
||||
# Username/Password: testuser/passpassword
|
||||
# | ca | client | basic | notes
|
||||
# 5440 | yes | no | no | Tests CA certificate
|
||||
# 5441 | yes | no | yes | Tests basic auth over TLS
|
||||
# 5442 | yes | yes | no | Tests client auth with client CA
|
||||
# 5443 | yes | yes | no | Tests client auth without client CA
|
||||
# 5444 | yes | yes | yes | Tests using basic auth + tls auth
|
||||
# 5445 | no | no | no | Tests insecure using TLS
|
||||
# 5446 | no | no | yes | Tests sending credentials to server with insecure TLS
|
||||
# 5447 | no | yes | no | Tests client auth to insecure
|
||||
# 5448 | yes | no | no | Bad SSL version
|
||||
docker tag -f hello-world $hostname:5440/hello-world
|
||||
docker push $hostname:5440/hello-world
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Fail to push"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5441
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Failed to login"
|
||||
exit 1
|
||||
fi
|
||||
docker tag -f hello-world $hostname:5441/hello-world
|
||||
docker push $hostname:5441/hello-world
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Fail to push"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
docker tag -f hello-world $hostname:5442/hello-world
|
||||
docker push $hostname:5442/hello-world
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Fail to push"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
docker tag -f hello-world $hostname:5443/hello-world
|
||||
docker push $hostname:5443/hello-world
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Expected failure"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5444
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Failed to login"
|
||||
exit 1
|
||||
fi
|
||||
docker tag -f hello-world $hostname:5444/hello-world
|
||||
docker push $hostname:5444/hello-world
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Fail to push"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
docker tag -f hello-world $hostname:5445/hello-world
|
||||
docker push $hostname:5445/hello-world
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Expected failure with insecure registry"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
docker login -u testuser -p passpassword -e distribution@docker.com $hostname:5446
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "Failed to login"
|
||||
exit 1
|
||||
fi
|
||||
docker tag -f hello-world $hostname:5446/hello-world
|
||||
docker push $hostname:5446/hello-world
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Expected failure with insecure registry"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
docker tag -f hello-world $hostname:5447/hello-world
|
||||
docker push $hostname:5447/hello-world
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Expected failure with insecure registry"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
docker tag -f hello-world $hostname:5448/hello-world
|
||||
docker push $hostname:5448/hello-world
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "Expected failure contacting with sslv3"
|
||||
exit 1
|
||||
fi
|
|
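Review bot: The "TLS Configuration chart" comment block removed with this script (ports 5440 to 5448 with their ca / client / basic columns and notes) is the only place that says what each TLS port is configured to do, and it is not carried over. The README Configurations table stops at 5442, and tls.bats only hints at the setup through test names. Suggest moving the chart into the README table or into a comment at the top of tls.bats, so that a failing or unexpectedly passing test on 5443 to 5448 can be checked against the intended configuration.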
@ -48,7 +48,3 @@ execute docker-compose up -d
|
|||
# Run the tests.
|
||||
execute time bats -p $TESTS
|
||||
|
||||
|
||||
# Run test script
|
||||
execute sh test_docker.sh localregistry
|
||||
|
||||
|
|
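Review bot: With `execute sh test_docker.sh localregistry` removed, run.sh no longer selects the registry name; it is now fixed as `hostname="localregistry"` inside tls.bats. If the name should stay configurable for manual runs, consider letting tls.bats read it from an environment variable with `localregistry` as the default, and have run.sh set it explicitly.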
96
contrib/docker-integration/tls.bats
Normal file
|
@ -0,0 +1,96 @@
|
|||
# Registry host name, should be set to non-localhost address and match
|
||||
# DNS name in nginx/ssl certificates and what is installed in /etc/docker/cert.d
|
||||
hostname="localregistry"
|
||||
|
||||
image="hello-world:latest"
|
||||
|
||||
# Login information, should match values in nginx/test.passwd
|
||||
user="testuser"
|
||||
password="passpassword"
|
||||
email="distribution@docker.com"
|
||||
|
||||
function setup() {
|
||||
docker pull $image
|
||||
}
|
||||
|
||||
# has_digest enforces the last output line is "Digest: sha256:..."
|
||||
# the input is the name of the array containing the output lines
|
||||
function has_digest() {
|
||||
name=$1[@]
|
||||
lines=("${!name}")
|
||||
length=${#lines[@]}
|
||||
digest_idx=$((length-1))
|
||||
value=${lines[$digest_idx]}
|
||||
result=$(echo "$value"|cut -d':' -f1,2)
|
||||
[ "$result" = "Digest: sha256" ]
|
||||
}
|
||||
|
||||
function login() {
|
||||
run docker login -u $user -p $password -e $email $1
|
||||
[ "$status" -eq 0 ]
|
||||
# First line is WARNING about credential save
|
||||
[ "${lines[1]}" = "Login Succeeded" ]
|
||||
}
|
||||
|
||||
@test "Test valid certificates" {
|
||||
docker tag -f $image $hostname:5440/$image
|
||||
run docker push $hostname:5440/$image
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest lines
|
||||
}
|
||||
|
||||
@test "Test basic auth" {
|
||||
login $hostname:5441
|
||||
docker tag -f $image $hostname:5441/$image
|
||||
run docker push $hostname:5441/$image
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest lines
|
||||
}
|
||||
|
||||
@test "Test TLS client auth" {
|
||||
docker tag -f $image $hostname:5442/$image
|
||||
run docker push $hostname:5442/$image
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest lines
|
||||
}
|
||||
|
||||
@test "Test TLS client with invalid certificate authority fails" {
|
||||
docker tag -f $image $hostname:5443/$image
|
||||
run docker push $hostname:5443/$image
|
||||
[ "$status" -ne 0 ]
|
||||
}
|
||||
|
||||
@test "Test basic auth with TLS client auth" {
|
||||
login $hostname:5444
|
||||
docker tag -f $image $hostname:5444/$image
|
||||
run docker push $hostname:5444/$image
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest lines
|
||||
}
|
||||
|
||||
@test "Test unknown certificate authority fails" {
|
||||
docker tag -f $image $hostname:5445/$image
|
||||
run docker push $hostname:5445/$image
|
||||
[ "$status" -ne 0 ]
|
||||
}
|
||||
|
||||
@test "Test basic auth with unknown certificate authority fails" {
|
||||
run login $hostname:5446
|
||||
[ "$status" -ne 0 ]
|
||||
docker tag -f $image $hostname:5446/$image
|
||||
run docker push $hostname:5446/$image
|
||||
[ "$status" -ne 0 ]
|
||||
}
|
||||
|
||||
@test "Test TLS client auth to server with unknown certificate authority fails" {
|
||||
docker tag -f $image $hostname:5447/$image
|
||||
run docker push $hostname:5447/$image
|
||||
[ "$status" -ne 0 ]
|
||||
}
|
||||
|
||||
@test "Test failure to connect to server fails to fallback to SSLv3" {
|
||||
docker tag -f $image $hostname:5448/$image
|
||||
run docker push $hostname:5448/$image
|
||||
[ "$status" -ne 0 ]
|
||||
}
|
||||
|
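Review bot: The negative tests (ports 5443 and 5445 to 5448) assert only `[ "$status" -ne 0 ]` after `run docker push ...`, so they pass on any failure, including the compose stack not being up or `localregistry` not resolving. For tests meant to prove that an unknown CA or an SSLv3-only server is rejected, that gives false assurance; suggest also asserting on `$output` so the failure is the expected certificate or handshake error. Smaller points in the same file: `has_digest` assigns `name`, `lines`, `length` and `value` without `local`, which overwrites the `lines` array that bats populates; `setup()` runs `docker pull $image` before every test, which makes each case depend on the network; and `$image`, `$hostname`, `$user` and `$password` are expanded unquoted.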