zot/pkg/cli/client_test.go

//go:build search
// +build search

package cli //nolint:testpackage

import (
	"bytes"
	"context"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"
	"path/filepath"
	"testing"
	"time"

	. "github.com/smartystreets/goconvey/convey"
	"gopkg.in/resty.v1"

	"zotregistry.io/zot/pkg/api"
	"zotregistry.io/zot/pkg/api/config"
	"zotregistry.io/zot/pkg/api/constants"
	extConf "zotregistry.io/zot/pkg/extensions/config"
	"zotregistry.io/zot/pkg/test"
)

const (
	BaseURL1       = "http://127.0.0.1:8088"
	BaseSecureURL1 = "https://127.0.0.1:8088"
	HOST1          = "127.0.0.1:8088"
	SecurePort1    = "8088"
	BaseURL2       = "http://127.0.0.1:8089"
	BaseSecureURL2 = "https://127.0.0.1:8089"
	SecurePort2    = "8089"
	BaseURL3       = "http://127.0.0.1:8090"
	BaseSecureURL3 = "https://127.0.0.1:8090"
	SecurePort3    = "8090"
	username       = "test"
	passphrase     = "test"
	ServerCert     = "../../test/data/server.cert"
	ServerKey      = "../../test/data/server.key"
	CACert         = "../../test/data/ca.crt"
	sourceCertsDir = "../../test/data"
	certsDir1      = "/.config/containers/certs.d/127.0.0.1:8088/"
)

func TestTLSWithAuth(t *testing.T) {
	Convey("Make a new controller", t, func() {
		caCert, err := os.ReadFile(CACert)
		So(err, ShouldBeNil)
		caCertPool := x509.NewCertPool()
		caCertPool.AppendCertsFromPEM(caCert)

		resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
		defer func() { resty.SetTLSClientConfig(nil) }()
		conf := config.New()
		conf.HTTP.Port = SecurePort1
		htpasswdPath := test.MakeHtpasswdFile()
		defer os.Remove(htpasswdPath)

		conf.HTTP.Auth = &config.AuthConfig{
			HTPasswd: config.AuthHTPasswd{
				Path: htpasswdPath,
			},
		}

		conf.HTTP.TLS = &config.TLSConfig{
			Cert:   ServerCert,
			Key:    ServerKey,
			CACert: CACert,
		}

		enable := true
		conf.Extensions = &extConf.ExtensionConfig{
			Search: &extConf.SearchConfig{BaseConfig: extConf.BaseConfig{Enable: &enable}},
		}

		ctlr := api.NewController(conf)
		ctlr.Config.Storage.RootDirectory = t.TempDir()
		go func() {
			// this blocks
			if err := ctlr.Run(context.Background()); err != nil {
				return
			}
		}()

		// wait till ready
		for {
			_, err := resty.R().Get(BaseSecureURL1)
			if err == nil {
				break
			}
			time.Sleep(100 * time.Millisecond)
		}

		defer func() {
			ctx := context.Background()
			_ = ctlr.Server.Shutdown(ctx)
		}()

		Convey("Test with htpassw auth", func() {
			configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
			defer os.Remove(configPath)

			home := os.Getenv("HOME")
			destCertsDir := filepath.Join(home, certsDir1)
			if err = test.CopyFiles(sourceCertsDir, destCertsDir); err != nil {
				panic(err)
			}
			defer os.RemoveAll(destCertsDir)

			args := []string{"imagetest", "--name", "dummyImageName", "--url", HOST1}
			imageCmd := NewImageCommand(new(searchService))
			imageBuff := bytes.NewBufferString("")
			imageCmd.SetOut(imageBuff)
			imageCmd.SetErr(imageBuff)
			imageCmd.SetArgs(args)
			err := imageCmd.Execute()
			So(err, ShouldNotBeNil)
			So(imageBuff.String(), ShouldContainSubstring, "invalid URL format")

			args = []string{"imagetest"}
			configPath = makeConfigFile(
				fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
					BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))
			defer os.Remove(configPath)
			imageCmd = NewImageCommand(new(searchService))
			imageBuff = bytes.NewBufferString("")
			imageCmd.SetOut(imageBuff)
			imageCmd.SetErr(imageBuff)
			imageCmd.SetArgs(args)
			err = imageCmd.Execute()
			So(err, ShouldNotBeNil)
			So(imageBuff.String(), ShouldContainSubstring, "check credentials")

			user := fmt.Sprintf("%s:%s", username, passphrase)
			args = []string{"imagetest", "-u", user}
			configPath = makeConfigFile(
				fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
					BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))
			defer os.Remove(configPath)
			imageCmd = NewImageCommand(new(searchService))
			imageBuff = bytes.NewBufferString("")
			imageCmd.SetOut(imageBuff)
			imageCmd.SetErr(imageBuff)
			imageCmd.SetArgs(args)
			err = imageCmd.Execute()
			So(err, ShouldBeNil)
		})
	})
}

func TestTLSWithoutAuth(t *testing.T) {
	Convey("Home certs - Make a new controller", t, func() {
		caCert, err := os.ReadFile(CACert)
		So(err, ShouldBeNil)
		caCertPool := x509.NewCertPool()
		caCertPool.AppendCertsFromPEM(caCert)

		resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
		defer func() { resty.SetTLSClientConfig(nil) }()
		conf := config.New()
		conf.HTTP.Port = SecurePort1
		conf.HTTP.TLS = &config.TLSConfig{
			Cert:   ServerCert,
			Key:    ServerKey,
			CACert: CACert,
		}

		enable := true
		conf.Extensions = &extConf.ExtensionConfig{
			Search: &extConf.SearchConfig{BaseConfig: extConf.BaseConfig{Enable: &enable}},
		}

		ctlr := api.NewController(conf)
		ctlr.Config.Storage.RootDirectory = t.TempDir()
		go func() {
			// this blocks
			if err := ctlr.Run(context.Background()); err != nil {
				return
			}
		}()

		// wait till ready
		for {
			_, err := resty.R().Get(BaseURL1)
			if err == nil {
				break
			}
			time.Sleep(100 * time.Millisecond)
		}

		defer func() {
			ctx := context.Background()
			_ = ctlr.Server.Shutdown(ctx)
		}()

		Convey("Certs in user's home", func() {
			configPath := makeConfigFile(
				fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
					BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))
			defer os.Remove(configPath)

			home := os.Getenv("HOME")
			destCertsDir := filepath.Join(home, certsDir1)
			if err = test.CopyFiles(sourceCertsDir, destCertsDir); err != nil {
				panic(err)
			}
			defer os.RemoveAll(destCertsDir)

			args := []string{"imagetest"}
			imageCmd := NewImageCommand(new(searchService))
			imageBuff := bytes.NewBufferString("")
			imageCmd.SetOut(imageBuff)
			imageCmd.SetErr(imageBuff)
			imageCmd.SetArgs(args)
			err := imageCmd.Execute()
			So(err, ShouldBeNil)
		})
	})
}

func TestTLSBadCerts(t *testing.T) {
	Convey("Make a new controller", t, func() {
		caCert, err := os.ReadFile(CACert)
		So(err, ShouldBeNil)
		caCertPool := x509.NewCertPool()
		caCertPool.AppendCertsFromPEM(caCert)

		resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
		defer func() { resty.SetTLSClientConfig(nil) }()
		conf := config.New()
		conf.HTTP.Port = SecurePort3
		conf.HTTP.TLS = &config.TLSConfig{
			Cert:   ServerCert,
			Key:    ServerKey,
			CACert: CACert,
		}

		ctlr := api.NewController(conf)
		ctlr.Config.Storage.RootDirectory = t.TempDir()
		go func() {
			// this blocks
			if err := ctlr.Run(context.Background()); err != nil {
				return
			}
		}()

		// wait till ready
		for {
			_, err := resty.R().Get(BaseURL3)
			if err == nil {
				break
			}
			time.Sleep(100 * time.Millisecond)
		}

		defer func() {
			ctx := context.Background()
			_ = ctlr.Server.Shutdown(ctx)
		}()

		Convey("Test with system certs", func() {
			configPath := makeConfigFile(
				fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
					BaseSecureURL3, constants.RoutePrefix, constants.ExtCatalogPrefix))
			defer os.Remove(configPath)

			args := []string{"imagetest"}
			imageCmd := NewImageCommand(new(searchService))
			imageBuff := bytes.NewBufferString("")
			imageCmd.SetOut(imageBuff)
			imageCmd.SetErr(imageBuff)
			imageCmd.SetArgs(args)
			err := imageCmd.Execute()
			So(err, ShouldNotBeNil)
			So(imageBuff.String(), ShouldContainSubstring, "certificate signed by unknown authority")
		})
	})
}
build(tags): remove redundant build tag ui_base (#857) It was not used for UI, it had become a CLI dependency with the same functionality as search Signed-off-by: Andrei Aaron <andaaron@cisco.com> 2022-10-10 07:05:55 -05:00			`//go:build search`
			`// +build search`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00
			`package cli //nolint:testpackage`

			`import (`
			`"bytes"`
			`"context"`
			`"crypto/tls"`
			`"crypto/x509"`
			`"fmt"`
			`"os"`
			`"path/filepath"`
			`"testing"`
			`"time"`

			`. "github.com/smartystreets/goconvey/convey"`
Fix data races in tests, closes #255 Signed-off-by: Alexei Dodon <adodon@cisco.com> 2021-11-10 09:31:03 -05:00			`"gopkg.in/resty.v1"`
chore(lint): gci to separate zot from other imports (#870) Signed-off-by: Andrei Aaron <andaaron@cisco.com> 2022-10-20 11:39:20 -05:00
move references to zotregistry.io and project-zot Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-03 22:50:58 -05:00			`"zotregistry.io/zot/pkg/api"`
			`"zotregistry.io/zot/pkg/api/config"`
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com> 2022-02-24 15:31:36 -05:00			`"zotregistry.io/zot/pkg/api/constants"`
Add GraphQL API for getting the information necessary to list images in the zot cli without download manifests. If this GraphQL API is available, try that first, else fallback to the slowpath. Signed-off-by: Roxana Nemulescu <roxana.nemulescu@gmail.com> 2022-01-19 10:57:10 -05:00			`extConf "zotregistry.io/zot/pkg/extensions/config"`
storage: improve/fix oci image validation Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-01-19 14:54:17 -05:00			`"zotregistry.io/zot/pkg/test"`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`)`

			`const (`
			`BaseURL1 = "http://127.0.0.1:8088"`
			`BaseSecureURL1 = "https://127.0.0.1:8088"`
			`HOST1 = "127.0.0.1:8088"`
			`SecurePort1 = "8088"`
			`BaseURL2 = "http://127.0.0.1:8089"`
			`BaseSecureURL2 = "https://127.0.0.1:8089"`
			`SecurePort2 = "8089"`
			`BaseURL3 = "http://127.0.0.1:8090"`
			`BaseSecureURL3 = "https://127.0.0.1:8090"`
			`SecurePort3 = "8090"`
			`username = "test"`
			`passphrase = "test"`
			`ServerCert = "../../test/data/server.cert"`
			`ServerKey = "../../test/data/server.key"`
			`CACert = "../../test/data/ca.crt"`
			`sourceCertsDir = "../../test/data"`
			`certsDir1 = "/.config/containers/certs.d/127.0.0.1:8088/"`
			`)`

			`func TestTLSWithAuth(t *testing.T) {`
			`Convey("Make a new controller", t, func() {`
Replaced deprecated io/ioutil functions (#768) Signed-off-by: slab713 <109306207+slab713@users.noreply.github.com> 2022-09-02 07:56:02 -05:00			`caCert, err := os.ReadFile(CACert)`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`So(err, ShouldBeNil)`
			`caCertPool := x509.NewCertPool()`
			`caCertPool.AppendCertsFromPEM(caCert)`

lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`defer func() { resty.SetTLSClientConfig(nil) }()`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`conf := config.New()`
			`conf.HTTP.Port = SecurePort1`
storage: improve/fix oci image validation Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-01-19 14:54:17 -05:00			`htpasswdPath := test.MakeHtpasswdFile()`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`defer os.Remove(htpasswdPath)`

Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`conf.HTTP.Auth = &config.AuthConfig{`
			`HTPasswd: config.AuthHTPasswd{`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`Path: htpasswdPath,`
			`},`
			`}`

Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`conf.HTTP.TLS = &config.TLSConfig{`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`Cert: ServerCert,`
			`Key: ServerKey,`
			`CACert: CACert,`
			`}`

Add GraphQL API for getting the information necessary to list images in the zot cli without download manifests. If this GraphQL API is available, try that first, else fallback to the slowpath. Signed-off-by: Roxana Nemulescu <roxana.nemulescu@gmail.com> 2022-01-19 10:57:10 -05:00			`enable := true`
			`conf.Extensions = &extConf.ExtensionConfig{`
fix(config): make all extension config consistent (#888) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-10-21 07:33:54 -05:00			`Search: &extConf.SearchConfig{BaseConfig: extConf.BaseConfig{Enable: &enable}},`
Add GraphQL API for getting the information necessary to list images in the zot cli without download manifests. If this GraphQL API is available, try that first, else fallback to the slowpath. Signed-off-by: Roxana Nemulescu <roxana.nemulescu@gmail.com> 2022-01-19 10:57:10 -05:00			`}`

lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`ctlr := api.NewController(conf)`
test: use `T.TempDir` to create temporary test directory The directory created by `T.TempDir` is automatically removed when the test and all its subtests complete. Reference: https://pkg.go.dev/testing#T.TempDir Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> 2022-03-07 03:55:12 -05:00			`ctlr.Config.Storage.RootDirectory = t.TempDir()`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`go func() {`
			`// this blocks`
lint: Move out config reloader context from controller struct Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2022-03-24 07:49:51 -05:00			`if err := ctlr.Run(context.Background()); err != nil {`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`return`
			`}`
			`}()`

			`// wait till ready`
			`for {`
			`_, err := resty.R().Get(BaseSecureURL1)`
			`if err == nil {`
			`break`
			`}`
			`time.Sleep(100 * time.Millisecond)`
			`}`

			`defer func() {`
			`ctx := context.Background()`
lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`_ = ctlr.Server.Shutdown(ctx)`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`}()`

			`Convey("Test with htpassw auth", func() {`
			configPath := makeConfigFile(`{"configs":[{"_name":"imagetest","showspinner":false}]}`)
			`defer os.Remove(configPath)`

			`home := os.Getenv("HOME")`
			`destCertsDir := filepath.Join(home, certsDir1)`
storage: improve/fix oci image validation Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-01-19 14:54:17 -05:00			`if err = test.CopyFiles(sourceCertsDir, destCertsDir); err != nil {`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`panic(err)`
			`}`
			`defer os.RemoveAll(destCertsDir)`

			`args := []string{"imagetest", "--name", "dummyImageName", "--url", HOST1}`
			`imageCmd := NewImageCommand(new(searchService))`
			`imageBuff := bytes.NewBufferString("")`
			`imageCmd.SetOut(imageBuff)`
go.mod: update modules 2021-05-21 15:47:28 -05:00			`imageCmd.SetErr(imageBuff)`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`imageCmd.SetArgs(args)`
			`err := imageCmd.Execute()`
			`So(err, ShouldNotBeNil)`
			`So(imageBuff.String(), ShouldContainSubstring, "invalid URL format")`

			`args = []string{"imagetest"}`
			`configPath = makeConfigFile(`
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com> 2022-02-24 15:31:36 -05:00			fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
			`BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`defer os.Remove(configPath)`
			`imageCmd = NewImageCommand(new(searchService))`
			`imageBuff = bytes.NewBufferString("")`
			`imageCmd.SetOut(imageBuff)`
go.mod: update modules 2021-05-21 15:47:28 -05:00			`imageCmd.SetErr(imageBuff)`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`imageCmd.SetArgs(args)`
			`err = imageCmd.Execute()`
			`So(err, ShouldNotBeNil)`
			`So(imageBuff.String(), ShouldContainSubstring, "check credentials")`

			`user := fmt.Sprintf("%s:%s", username, passphrase)`
			`args = []string{"imagetest", "-u", user}`
			`configPath = makeConfigFile(`
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com> 2022-02-24 15:31:36 -05:00			fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
			`BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`defer os.Remove(configPath)`
			`imageCmd = NewImageCommand(new(searchService))`
			`imageBuff = bytes.NewBufferString("")`
			`imageCmd.SetOut(imageBuff)`
go.mod: update modules 2021-05-21 15:47:28 -05:00			`imageCmd.SetErr(imageBuff)`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`imageCmd.SetArgs(args)`
			`err = imageCmd.Execute()`
			`So(err, ShouldBeNil)`
			`})`
			`})`
			`}`

			`func TestTLSWithoutAuth(t *testing.T) {`
			`Convey("Home certs - Make a new controller", t, func() {`
Replaced deprecated io/ioutil functions (#768) Signed-off-by: slab713 <109306207+slab713@users.noreply.github.com> 2022-09-02 07:56:02 -05:00			`caCert, err := os.ReadFile(CACert)`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`So(err, ShouldBeNil)`
			`caCertPool := x509.NewCertPool()`
			`caCertPool.AppendCertsFromPEM(caCert)`

lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`defer func() { resty.SetTLSClientConfig(nil) }()`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`conf := config.New()`
			`conf.HTTP.Port = SecurePort1`
			`conf.HTTP.TLS = &config.TLSConfig{`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`Cert: ServerCert,`
			`Key: ServerKey,`
			`CACert: CACert,`
			`}`

Add GraphQL API for getting the information necessary to list images in the zot cli without download manifests. If this GraphQL API is available, try that first, else fallback to the slowpath. Signed-off-by: Roxana Nemulescu <roxana.nemulescu@gmail.com> 2022-01-19 10:57:10 -05:00			`enable := true`
			`conf.Extensions = &extConf.ExtensionConfig{`
fix(config): make all extension config consistent (#888) Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-10-21 07:33:54 -05:00			`Search: &extConf.SearchConfig{BaseConfig: extConf.BaseConfig{Enable: &enable}},`
Add GraphQL API for getting the information necessary to list images in the zot cli without download manifests. If this GraphQL API is available, try that first, else fallback to the slowpath. Signed-off-by: Roxana Nemulescu <roxana.nemulescu@gmail.com> 2022-01-19 10:57:10 -05:00			`}`

lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`ctlr := api.NewController(conf)`
test: use `T.TempDir` to create temporary test directory The directory created by `T.TempDir` is automatically removed when the test and all its subtests complete. Reference: https://pkg.go.dev/testing#T.TempDir Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> 2022-03-07 03:55:12 -05:00			`ctlr.Config.Storage.RootDirectory = t.TempDir()`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`go func() {`
			`// this blocks`
lint: Move out config reloader context from controller struct Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2022-03-24 07:49:51 -05:00			`if err := ctlr.Run(context.Background()); err != nil {`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`return`
			`}`
			`}()`

			`// wait till ready`
			`for {`
			`_, err := resty.R().Get(BaseURL1)`
			`if err == nil {`
			`break`
			`}`
			`time.Sleep(100 * time.Millisecond)`
			`}`

			`defer func() {`
			`ctx := context.Background()`
lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`_ = ctlr.Server.Shutdown(ctx)`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`}()`

			`Convey("Certs in user's home", func() {`
			`configPath := makeConfigFile(`
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com> 2022-02-24 15:31:36 -05:00			fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
			`BaseSecureURL1, constants.RoutePrefix, constants.ExtCatalogPrefix))`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`defer os.Remove(configPath)`

			`home := os.Getenv("HOME")`
			`destCertsDir := filepath.Join(home, certsDir1)`
storage: improve/fix oci image validation Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2022-01-19 14:54:17 -05:00			`if err = test.CopyFiles(sourceCertsDir, destCertsDir); err != nil {`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`panic(err)`
			`}`
			`defer os.RemoveAll(destCertsDir)`

			`args := []string{"imagetest"}`
			`imageCmd := NewImageCommand(new(searchService))`
			`imageBuff := bytes.NewBufferString("")`
			`imageCmd.SetOut(imageBuff)`
go.mod: update modules 2021-05-21 15:47:28 -05:00			`imageCmd.SetErr(imageBuff)`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`imageCmd.SetArgs(args)`
			`err := imageCmd.Execute()`
			`So(err, ShouldBeNil)`
			`})`
			`})`
			`}`

			`func TestTLSBadCerts(t *testing.T) {`
			`Convey("Make a new controller", t, func() {`
Replaced deprecated io/ioutil functions (#768) Signed-off-by: slab713 <109306207+slab713@users.noreply.github.com> 2022-09-02 07:56:02 -05:00			`caCert, err := os.ReadFile(CACert)`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`So(err, ShouldBeNil)`
			`caCertPool := x509.NewCertPool()`
			`caCertPool.AppendCertsFromPEM(caCert)`

lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`defer func() { resty.SetTLSClientConfig(nil) }()`
Added new extension "sync" Periodically poll registries and pull images according to sync's config Added sync on demand, syncing when clients asks for an image which zot doesn't have. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2021-06-08 15:11:18 -05:00			`conf := config.New()`
			`conf.HTTP.Port = SecurePort3`
			`conf.HTTP.TLS = &config.TLSConfig{`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`Cert: ServerCert,`
			`Key: ServerKey,`
			`CACert: CACert,`
			`}`

lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`ctlr := api.NewController(conf)`
test: use `T.TempDir` to create temporary test directory The directory created by `T.TempDir` is automatically removed when the test and all its subtests complete. Reference: https://pkg.go.dev/testing#T.TempDir Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> 2022-03-07 03:55:12 -05:00			`ctlr.Config.Storage.RootDirectory = t.TempDir()`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`go func() {`
			`// this blocks`
lint: Move out config reloader context from controller struct Signed-off-by: Petu Eusebiu <peusebiu@cisco.com> 2022-03-24 07:49:51 -05:00			`if err := ctlr.Run(context.Background()); err != nil {`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`return`
			`}`
			`}()`

			`// wait till ready`
			`for {`
			`_, err := resty.R().Get(BaseURL3)`
			`if err == nil {`
			`break`
			`}`
			`time.Sleep(100 * time.Millisecond)`
			`}`

			`defer func() {`
			`ctx := context.Background()`
lint: upgrade golangci-lint Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com> 2021-12-13 14:23:31 -05:00			`_ = ctlr.Server.Shutdown(ctx)`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`}()`

			`Convey("Test with system certs", func() {`
			`configPath := makeConfigFile(`
ext: use distribution spec route prefix for extension api Following the spec defined here https://github.com/opencontainers/distribution-spec/tree/main/extensions Signed-off-by: Shivam Mishra <shimish2@cisco.com> 2022-02-24 15:31:36 -05:00			fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
			`BaseSecureURL3, constants.RoutePrefix, constants.ExtCatalogPrefix))`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`defer os.Remove(configPath)`

			`args := []string{"imagetest"}`
			`imageCmd := NewImageCommand(new(searchService))`
			`imageBuff := bytes.NewBufferString("")`
			`imageCmd.SetOut(imageBuff)`
go.mod: update modules 2021-05-21 15:47:28 -05:00			`imageCmd.SetErr(imageBuff)`
TLS certs in CLI client resolve #194 2021-07-06 11:50:46 -05:00			`imageCmd.SetArgs(args)`
			`err := imageCmd.Execute()`
			`So(err, ShouldNotBeNil)`
			`So(imageBuff.String(), ShouldContainSubstring, "certificate signed by unknown authority")`
			`})`
			`})`
			`}`