From d2fbd273ba1c027b4a3fa4cb784821fa7c156cf0 Mon Sep 17 00:00:00 2001 From: Alexei Dodon Date: Thu, 26 Oct 2023 11:20:39 +0300 Subject: [PATCH] fix: tests refactoring (#1950) Signed-off-by: Alexei Dodon --- pkg/api/authn_test.go | 24 +- pkg/api/controller_test.go | 572 +++++++++++++----------- pkg/api/routes_test.go | 6 +- pkg/cli/client/client_test.go | 12 +- pkg/cli/server/config_reloader_test.go | 10 +- pkg/debug/pprof/pprof_test.go | 15 +- pkg/extensions/extensions_test.go | 32 +- pkg/extensions/lint/lint_test.go | 40 +- pkg/extensions/search/cve/cve_test.go | 119 ++--- pkg/extensions/search/userprefs_test.go | 77 ++-- pkg/extensions/sync/sync_test.go | 22 +- pkg/log/log_test.go | 43 +- pkg/storage/cache_benchmark_test.go | 49 +- pkg/test/common/fs.go | 10 +- pkg/test/common/fs_test.go | 57 +++ pkg/test/common/utils.go | 40 +- 16 files changed, 624 insertions(+), 504 deletions(-) diff --git a/pkg/api/authn_test.go b/pkg/api/authn_test.go index b989d786..c332f1dc 100644 --- a/pkg/api/authn_test.go +++ b/pkg/api/authn_test.go @@ -79,7 +79,9 @@ func TestAPIKeys(t *testing.T) { conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) mockOIDCServer, err := authutils.MockOIDCRun() @@ -125,6 +127,7 @@ func TestAPIKeys(t *testing.T) { conf.Extensions.UI.Enable = &defaultVal ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") dir := t.TempDir() ctlr.Config.Storage.RootDirectory = dir 
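Review bot: The seeds for the generated credentials are only recorded by the `ctlr.Log.Info()` call in the second hunk, after `authutils.MockOIDCRun()` and the rest of the setup. A failure before `api.NewController(conf)` therefore leaves nothing to reproduce the run with, and the values go to the registry's own logger rather than to the test output. Logging right after generation with `t.Logf("seedUser=%d seedPass=%d", seedUser, seedPass)` ties them to the failing test. If the strings are derived deterministically from the seed (the helper is not shown here), the seed is equivalent to the password, which is acceptable for throwaway test credentials but a reason to keep it in test output only. The same pattern recurs in TestAPIKeysOpenDBError and in the controller_test.go tests that call `test.GenerateRandomString()`; TestAPIKeys itself continues outside these hunks.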
@@ -145,7 +148,7 @@ func TestAPIKeys(t *testing.T) { Convey("API key retrieved with basic auth", func() { resp, err := resty.R(). SetBody(reqBody). - SetBasicAuth("test", "test"). + SetBasicAuth(username, password). Post(baseURL + constants.APIKeyPath) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -162,7 +165,7 @@ func TestAPIKeys(t *testing.T) { So(email, ShouldNotBeEmpty) resp, err = resty.R(). - SetBasicAuth("test", apiKeyResponse.APIKey). + SetBasicAuth(username, apiKeyResponse.APIKey). Get(baseURL + "/v2/_catalog") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -170,7 +173,7 @@ func TestAPIKeys(t *testing.T) { // get API key list with basic auth resp, err = resty.R(). - SetBasicAuth("test", "test"). + SetBasicAuth(username, password). Get(baseURL + constants.APIKeyPath) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -189,7 +192,7 @@ func TestAPIKeys(t *testing.T) { // add another one resp, err = resty.R(). SetBody(reqBody). - SetBasicAuth("test", "test"). + SetBasicAuth(username, password). Post(baseURL + constants.APIKeyPath) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -199,7 +202,7 @@ func TestAPIKeys(t *testing.T) { So(err, ShouldBeNil) resp, err = resty.R(). - SetBasicAuth("test", apiKeyResponse.APIKey). + SetBasicAuth(username, apiKeyResponse.APIKey). Get(baseURL + "/v2/_catalog") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -207,7 +210,7 @@ func TestAPIKeys(t *testing.T) { // get API key list with api key auth resp, err = resty.R(). - SetBasicAuth("test", apiKeyResponse.APIKey). + SetBasicAuth(username, apiKeyResponse.APIKey). Get(baseURL + constants.APIKeyPath) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -600,7 +603,7 @@ func TestAPIKeys(t *testing.T) { So(len(apiKeyListResponse.APIKeys), ShouldEqual, 0) resp, err = client.R(). - SetBasicAuth("test", "test"). + SetBasicAuth(username, password). SetQueryParam("id", apiKeyResponse.UUID). Delete(baseURL + constants.APIKeyPath) So(err, ShouldBeNil) 
@@ -832,7 +835,9 @@ func TestAPIKeys(t *testing.T) { func TestAPIKeysOpenDBError(t *testing.T) { Convey("Test API keys - unable to create database", t, func() { conf := config.New() - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) mockOIDCServer, err := authutils.MockOIDCRun() @@ -871,6 +876,7 @@ func TestAPIKeysOpenDBError(t *testing.T) { } ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") dir := t.TempDir() err = os.Chmod(dir, 0o000) diff --git a/pkg/api/controller_test.go b/pkg/api/controller_test.go index 0fdf0c90..faeb9482 100644 --- a/pkg/api/controller_test.go +++ b/pkg/api/controller_test.go @@ -46,7 +46,6 @@ import ( . "github.com/smartystreets/goconvey/convey" "github.com/stretchr/testify/assert" "go.etcd.io/bbolt" - "golang.org/x/crypto/bcrypt" "gopkg.in/resty.v1" "zotregistry.io/zot/errors" 
@@ -73,31 +72,22 @@ import ( ) const ( - username = "test" - htpasswdUsername = "htpasswduser" - passphrase = "test" - group = "test" - repo = "test" ServerCert = "../../test/data/server.cert" ServerKey = "../../test/data/server.key" CACert = "../../test/data/ca.crt" - AuthorizedNamespace = "everyone/isallowed" UnauthorizedNamespace = "fortknox/notallowed" - ALICE = "alice" AuthorizationNamespace = "authz/image" - AuthorizationAllRepos = "**" + LDAPAddress = "127.0.0.1" ) -func getCredString(username, password string) string { - hash, err := bcrypt.GenerateFromPassword([]byte(password), 10) - if err != nil { - panic(err) - } - - usernameAndHash := fmt.Sprintf("%s:%s", username, string(hash)) - - return usernameAndHash -} +var ( + username = "test" //nolint: gochecknoglobals + password = "test" //nolint: gochecknoglobals + group = "test" //nolint: gochecknoglobals + LDAPBaseDN = "ou=" + username //nolint: gochecknoglobals + LDAPBindDN = "cn=reader," + LDAPBaseDN //nolint: gochecknoglobals + LDAPBindPassword = "ldappass" //nolint: gochecknoglobals +) func TestNew(t *testing.T) { Convey("Make a new controller", t, func() { @@ -522,10 +512,10 @@ func TestHtpasswdSingleCred(t *testing.T) { port := test.GetFreePort() baseURL := test.GetBaseURL(port) singleCredtests := []string{} - user := ALICE - password := ALICE - singleCredtests = append(singleCredtests, getCredString(user, password)) - singleCredtests = append(singleCredtests, getCredString(user, password)+"\n") + user, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + singleCredtests = append(singleCredtests, test.GetCredString(user, password)) + singleCredtests = append(singleCredtests, test.GetCredString(user, password)) for _, testString := range singleCredtests { func() { 
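Review bot: `username`, `password` and `group` move from the `const` block to mutable package-level `var`s with `//nolint: gochecknoglobals`, although nothing in the visible hunks assigns to them and `"ou=" + username` is still a valid constant expression. Keeping them as constants would remove the need for the lint suppression. Many tests in this commit also declare a local `username, password := ...` that shadows these names, while `testLDAPServer.Bind` (hunk at -1958) keeps comparing against the package-level values. A test that omits the local declaration then silently authenticates with the fixed "test"/"test" pair. Renaming the package-level ones, for example `ldapUsername = "test"` and `ldapPassword = "test"`, would make that distinction explicit.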
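Review bot: In TestHtpasswdSingleCred both `singleCredtests` entries are now the same expression, `test.GetCredString(user, password)`, so the loop exercises one htpasswd layout twice. The old pair covered the file with and without a trailing newline. Whether `test.GetCredString` now appends the newline itself cannot be seen from this hunk, but either way one of the two layouts is no longer tested. Building both explicitly keeps the parser edge cases covered: `cred := strings.TrimSuffix(test.GetCredString(user, password), "\n")` followed by `singleCredtests = append(singleCredtests, cred, cred+"\n")`. The same question applies to TestAllowMethodsHeader, which drops the `"\n\n"` suffix, and to the three variants in TestHtpasswdTwoCreds.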
@@ -543,6 +533,7 @@ func TestHtpasswdSingleCred(t *testing.T) { conf.HTTP.AllowOrigin = conf.HTTP.Address ctlr := makeController(conf, t.TempDir()) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) @@ -583,9 +574,7 @@ func TestAllowMethodsHeader(t *testing.T) { simpleUser := "simpleUser" simpleUserPassword := "simpleUserPass" - credTests := fmt.Sprintf("%s\n\n", getCredString(simpleUser, simpleUserPassword)) - - htpasswdPath := test.MakeHtpasswdFileFromString(credTests) + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -661,14 +650,14 @@ func TestHtpasswdTwoCreds(t *testing.T) { password1 := "aliciapassword" user2 := "bob" password2 := "robert" - twoCredTests = append(twoCredTests, getCredString(user1, password1)+"\n"+ - getCredString(user2, password2)) + twoCredTests = append(twoCredTests, test.GetCredString(user1, password1)+"\n"+ + test.GetCredString(user2, password2)) - twoCredTests = append(twoCredTests, getCredString(user1, password1)+"\n"+ - getCredString(user2, password2)+"\n") + twoCredTests = append(twoCredTests, test.GetCredString(user1, password1)+"\n"+ + test.GetCredString(user2, password2)+"\n") - twoCredTests = append(twoCredTests, getCredString(user1, password1)+"\n\n"+ - getCredString(user2, password2)+"\n\n") + twoCredTests = append(twoCredTests, test.GetCredString(user1, password1)+"\n\n"+ + test.GetCredString(user2, password2)+"\n\n") for _, testString := range twoCredTests { func() { @@ -717,7 +706,7 @@ func TestHtpasswdFiveCreds(t *testing.T) { } credString := strings.Builder{} for key, val := range tests { - credString.WriteString(getCredString(key, val) + "\n") + credString.WriteString(test.GetCredString(key, val) + "\n") } func() { 
@@ -862,7 +851,9 @@ func TestBasicAuth(t *testing.T) { baseURL := test.GetBaseURL(port) conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -871,6 +862,7 @@ func TestBasicAuth(t *testing.T) { }, } ctlr := makeController(conf, t.TempDir()) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) @@ -886,11 +878,11 @@ func TestBasicAuth(t *testing.T) { So(err, ShouldBeNil) // with creds, should get expected status code - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL) + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) }) @@ -915,7 +907,8 @@ func TestBlobReferenced(t *testing.T) { So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) - repoName := "repo" + repoName, seed := test.GenerateRandomName() + ctlr.Log.Info().Int64("seed", seed).Msg("random seed for repoName") img := CreateRandomImage() 
@@ -970,7 +963,11 @@ func TestInterruptedBlobUpload(t *testing.T) { //nolint: dupl Convey("Test interrupt PATCH blob upload", func() { - resp, err := client.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/") + s1, seed1 := test.GenerateRandomName() + s2, seed2 := test.GenerateRandomName() + repoName := s1 + "/" + s2 + ctlr.Log.Info().Int64("seed1", seed1).Int64("seed2", seed2).Msg("random seeds for repoName") + resp, err := client.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) @@ -999,7 +996,7 @@ func TestInterruptedBlobUpload(t *testing.T) { // if the blob upload has started then interrupt by running cancel() for { - n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(AuthorizedNamespace, sessionID) + n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(repoName, sessionID) if n > 0 && err == nil { cancel() @@ -1012,7 +1009,7 @@ func TestInterruptedBlobUpload(t *testing.T) { // wait for zot to remove blobUpload time.Sleep(1 * time.Second) - resp, err = client.R().Get(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/" + sessionID) + resp, err = client.R().Get(baseURL + "/v2/" + repoName + "/blobs/uploads/" + sessionID) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) 
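Review bot: The four added lines that build a random two-segment `repoName` and log its seeds are pasted unchanged into each of the four Convey blocks of TestInterruptedBlobUpload and again into TestBearerAuth. A small test helper would keep the seed logging in one place and let it use `t.Logf`, so the seeds appear alongside the failing test rather than in the controller log. Each call site then becomes `repoName := randomNamespacedRepo(t)`. The helper below is a proposed addition, not something the package already provides.

```go
// randomNamespacedRepo returns a random "<ns>/<name>" repository name and
// records the seeds needed to reproduce it in the test output.
func randomNamespacedRepo(t *testing.T) string {
	t.Helper()

	s1, seed1 := test.GenerateRandomName()
	s2, seed2 := test.GenerateRandomName()
	t.Logf("random seeds for repoName: seed1=%d seed2=%d", seed1, seed2)

	return s1 + "/" + s2
}
```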
@@ -1020,7 +1017,11 @@ func TestInterruptedBlobUpload(t *testing.T) { //nolint: dupl Convey("Test negative interrupt PATCH blob upload", func() { - resp, err := client.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/") + s1, seed1 := test.GenerateRandomName() + s2, seed2 := test.GenerateRandomName() + repoName := s1 + "/" + s2 + ctlr.Log.Info().Int64("seed1", seed1).Int64("seed2", seed2).Msg("random seeds for repoName") + resp, err := client.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) @@ -1049,10 +1050,10 @@ func TestInterruptedBlobUpload(t *testing.T) { // if the blob upload has started then interrupt by running cancel() for { - n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(AuthorizedNamespace, sessionID) + n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(repoName, sessionID) if n > 0 && err == nil { // cleaning blob uploads, so that zot fails to clean up, +code coverage - err = ctlr.StoreController.DefaultStore.DeleteBlobUpload(AuthorizedNamespace, sessionID) + err = ctlr.StoreController.DefaultStore.DeleteBlobUpload(repoName, sessionID) So(err, ShouldBeNil) cancel() @@ -1065,7 +1066,7 @@ func TestInterruptedBlobUpload(t *testing.T) { // wait for zot to remove blobUpload time.Sleep(1 * time.Second) - resp, err = client.R().Get(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/" + sessionID) + resp, err = client.R().Get(baseURL + "/v2/" + repoName + "/blobs/uploads/" + sessionID) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) 
@@ -1073,7 +1074,11 @@ func TestInterruptedBlobUpload(t *testing.T) { //nolint: dupl Convey("Test interrupt PUT blob upload", func() { - resp, err := client.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/") + s1, seed1 := test.GenerateRandomName() + s2, seed2 := test.GenerateRandomName() + repoName := s1 + "/" + s2 + ctlr.Log.Info().Int64("seed1", seed1).Int64("seed2", seed2).Msg("random seeds for repoName") + resp, err := client.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) @@ -1102,7 +1107,7 @@ func TestInterruptedBlobUpload(t *testing.T) { // if the blob upload has started then interrupt by running cancel() for { - n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(AuthorizedNamespace, sessionID) + n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(repoName, sessionID) if n > 0 && err == nil { cancel() @@ -1115,7 +1120,7 @@ func TestInterruptedBlobUpload(t *testing.T) { // wait for zot to try to remove blobUpload time.Sleep(1 * time.Second) - resp, err = client.R().Get(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/" + sessionID) + resp, err = client.R().Get(baseURL + "/v2/" + repoName + "/blobs/uploads/" + sessionID) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) 
@@ -1123,7 +1128,11 @@ func TestInterruptedBlobUpload(t *testing.T) { //nolint: dupl Convey("Test negative interrupt PUT blob upload", func() { - resp, err := client.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/") + s1, seed1 := test.GenerateRandomName() + s2, seed2 := test.GenerateRandomName() + repoName := s1 + "/" + s2 + ctlr.Log.Info().Int64("seed1", seed1).Int64("seed2", seed2).Msg("random seeds for repoName") + resp, err := client.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) @@ -1152,10 +1161,10 @@ func TestInterruptedBlobUpload(t *testing.T) { // if the blob upload has started then interrupt by running cancel() for { - n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(AuthorizedNamespace, sessionID) + n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(repoName, sessionID) if n > 0 && err == nil { // cleaning blob uploads, so that zot fails to clean up, +code coverage - err = ctlr.StoreController.DefaultStore.DeleteBlobUpload(AuthorizedNamespace, sessionID) + err = ctlr.StoreController.DefaultStore.DeleteBlobUpload(repoName, sessionID) So(err, ShouldBeNil) cancel() @@ -1168,7 +1177,7 @@ func TestInterruptedBlobUpload(t *testing.T) { // wait for zot to try to remove blobUpload time.Sleep(1 * time.Second) - resp, err = client.R().Get(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/" + sessionID) + resp, err = client.R().Get(baseURL + "/v2/" + repoName + "/blobs/uploads/" + sessionID) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) 
@@ -1182,7 +1191,9 @@ func TestMultipleInstance(t *testing.T) { baseURL := test.GetBaseURL(port) conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -1191,6 +1202,7 @@ func TestMultipleInstance(t *testing.T) { }, } ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") err := ctlr.Init(context.Background()) So(err, ShouldEqual, errors.ErrImgStoreNotFound) @@ -1208,7 +1220,7 @@ func TestMultipleInstance(t *testing.T) { client := resty.New() - tagResponse, err := client.R().SetBasicAuth(username, passphrase). + tagResponse, err := client.R().SetBasicAuth(username, password). Get(baseURL + "/v2/zot-test/tags/list") So(err, ShouldBeNil) So(tagResponse.StatusCode(), ShouldEqual, http.StatusNotFound) @@ -1219,7 +1231,9 @@ func TestMultipleInstance(t *testing.T) { baseURL := test.GetBaseURL(port) conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -1230,6 +1244,7 @@ func TestMultipleInstance(t *testing.T) { globalDir := t.TempDir() subDir := t.TempDir() ctlr := makeController(conf, globalDir) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") subPathMap := make(map[string]config.StorageConfig) subPathMap["/a"] = config.StorageConfig{RootDirectory: subDir} 
@@ -1247,11 +1262,11 @@ func TestMultipleInstance(t *testing.T) { So(err, ShouldBeNil) // with creds, should get expected status code - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL) + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) }) @@ -1261,7 +1276,9 @@ func TestMultipleInstance(t *testing.T) { baseURL := test.GetBaseURL(port) conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -1273,6 +1290,7 @@ func TestMultipleInstance(t *testing.T) { subDir := t.TempDir() ctlr := makeController(conf, globalDir) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") subPathMap := make(map[string]config.StorageConfig) subPathMap["/a"] = config.StorageConfig{RootDirectory: globalDir, Dedupe: true, GC: true} subPathMap["/b"] = config.StorageConfig{RootDirectory: subDir, Dedupe: true, GC: true} 
@@ -1310,11 +1328,11 @@ func TestMultipleInstance(t *testing.T) { So(err, ShouldBeNil) // with creds, should get expected status code - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL) + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) }) @@ -1326,7 +1344,9 @@ func TestTLSWithBasicAuth(t *testing.T) { So(err, ShouldBeNil) caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) port := test.GetFreePort() @@ -1348,6 +1368,7 @@ func TestTLSWithBasicAuth(t *testing.T) { } ctlr := makeController(conf, t.TempDir()) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) @@ -1369,11 +1390,11 @@ func TestTLSWithBasicAuth(t *testing.T) { So(err, ShouldBeNil) // with creds, should get expected status code - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL) + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/") + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) }) 
@@ -1385,7 +1406,9 @@ func TestTLSWithBasicAuthAllowReadAccess(t *testing.T) { So(err, ShouldBeNil) caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) port := test.GetFreePort() @@ -1408,13 +1431,14 @@ func TestTLSWithBasicAuthAllowReadAccess(t *testing.T) { conf.HTTP.AccessControl = &config.AccessControlConfig{ Repositories: config.Repositories{ - AuthorizationAllRepos: config.PolicyGroup{ + test.AuthorizationAllRepos: config.PolicyGroup{ AnonymousPolicy: []string{"read"}, }, }, } ctlr := makeController(conf, t.TempDir()) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) @@ -1432,11 +1456,11 @@ func TestTLSWithBasicAuthAllowReadAccess(t *testing.T) { So(resp.StatusCode(), ShouldEqual, http.StatusOK) // with creds, should get expected status code - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL) + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/") + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -1453,8 +1477,6 @@ func TestMutualTLSAuthWithUserPermissions(t *testing.T) { So(err, ShouldBeNil) caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) - htpasswdPath := test.MakeHtpasswdFile() - defer os.Remove(htpasswdPath) port := test.GetFreePort() baseURL := test.GetBaseURL(port) 
@@ -1473,7 +1495,7 @@ func TestMutualTLSAuthWithUserPermissions(t *testing.T) { conf.HTTP.AccessControl = &config.AccessControlConfig{ Repositories: config.Repositories{ - AuthorizationAllRepos: config.PolicyGroup{ + test.AuthorizationAllRepos: config.PolicyGroup{ Policies: []config.Policy{ { Users: []string{"*"}, @@ -1495,7 +1517,7 @@ func TestMutualTLSAuthWithUserPermissions(t *testing.T) { So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest) - repoPolicy := conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] + repoPolicy := conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] // setup TLS mutual auth cert, err := tls.LoadX509KeyPair("../../test/data/client.cert", "../../test/data/client.key") @@ -1533,7 +1555,7 @@ func TestMutualTLSAuthWithUserPermissions(t *testing.T) { // empty default authorization and give user the permission to create repoPolicy.Policies[0].Actions = append(repoPolicy.Policies[0].Actions, "create") - conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = repoPolicy + conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = repoPolicy resp, err = resty.R().Post(secureBaseURL + "/v2/repo/blobs/uploads/") So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) @@ -1563,7 +1585,7 @@ func TestMutualTLSAuthWithoutCN(t *testing.T) { conf.HTTP.AccessControl = &config.AccessControlConfig{ Repositories: config.Repositories{ - AuthorizationAllRepos: config.PolicyGroup{ + test.AuthorizationAllRepos: config.PolicyGroup{ Policies: []config.Policy{ { Users: []string{"*"}, 
@@ -1630,8 +1652,11 @@ func TestTLSMutualAuth(t *testing.T) { _, err = resty.R().Get(secureBaseURL) So(err, ShouldNotBeNil) + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") // with creds but without certs, should get conn error - _, err = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL) + _, err = resty.R().SetBasicAuth(username, password).Get(secureBaseURL) So(err, ShouldNotBeNil) // setup TLS mutual auth @@ -1648,12 +1673,12 @@ func TestTLSMutualAuth(t *testing.T) { So(resp.StatusCode(), ShouldEqual, http.StatusOK) // with client certs and creds, should get expected status code - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL) + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) // with client certs, creds shouldn't matter - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/") + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) }) @@ -1682,7 +1707,7 @@ func TestTLSMutualAuthAllowReadAccess(t *testing.T) { conf.HTTP.AccessControl = &config.AccessControlConfig{ Repositories: config.Repositories{ - AuthorizationAllRepos: config.PolicyGroup{ + test.AuthorizationAllRepos: config.PolicyGroup{ AnonymousPolicy: []string{"read"}, }, }, 
@@ -1705,8 +1730,11 @@ func TestTLSMutualAuthAllowReadAccess(t *testing.T) { So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") // with creds but without certs, reads are allowed - resp, err = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/") + resp, err = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/") So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -1729,12 +1757,12 @@ func TestTLSMutualAuthAllowReadAccess(t *testing.T) { So(resp.StatusCode(), ShouldEqual, http.StatusOK) // with client certs and creds, should get expected status code - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL) + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) // with client certs, creds shouldn't matter - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/") + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) }) @@ -1746,7 +1774,9 @@ func TestTLSMutualAndBasicAuth(t *testing.T) { So(err, ShouldBeNil) caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) port := test.GetFreePort() 
@@ -1769,6 +1799,7 @@ func TestTLSMutualAndBasicAuth(t *testing.T) { } ctlr := makeController(conf, t.TempDir()) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) @@ -1787,7 +1818,7 @@ func TestTLSMutualAndBasicAuth(t *testing.T) { So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest) // with creds but without certs, should succeed - _, err = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL) + _, err = resty.R().SetBasicAuth(username, password).Get(secureBaseURL) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest) @@ -1806,11 +1837,11 @@ func TestTLSMutualAndBasicAuth(t *testing.T) { So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized) // with client certs and creds, should get expected status code - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL) + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/") + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) }) @@ -1822,7 +1853,9 @@ func TestTLSMutualAndBasicAuthAllowReadAccess(t *testing.T) { So(err, ShouldBeNil) caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) port := test.GetFreePort() 
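Review bot: In the hunk at -1787 the request sent with basic-auth credentials but no client certificate discards its response (`_, err = ...`). The two `So(resp...)` assertions that follow therefore re-check `resp` from the earlier request and never verify how the server answers this one. Assigning the result fixes that: `resp, err = resty.R().SetBasicAuth(username, password).Get(secureBaseURL)`. The comment above the line says "should succeed" while the assertion expects `http.StatusBadRequest`, so one of the two should be corrected once the response is actually checked. TestTLSMutualAndBasicAuthAllowReadAccess carries the same line in the hunk at -1871.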
@@ -1846,13 +1879,14 @@ func TestTLSMutualAndBasicAuthAllowReadAccess(t *testing.T) { conf.HTTP.AccessControl = &config.AccessControlConfig{ Repositories: config.Repositories{ - AuthorizationAllRepos: config.PolicyGroup{ + test.AuthorizationAllRepos: config.PolicyGroup{ AnonymousPolicy: []string{"read"}, }, }, } ctlr := makeController(conf, t.TempDir()) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) @@ -1871,7 +1905,7 @@ func TestTLSMutualAndBasicAuthAllowReadAccess(t *testing.T) { So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest) // with creds but without certs, should succeed - _, err = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL) + _, err = resty.R().SetBasicAuth(username, password).Get(secureBaseURL) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest) @@ -1894,23 +1928,16 @@ func TestTLSMutualAndBasicAuthAllowReadAccess(t *testing.T) { So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized) // with client certs and creds, should get expected status code - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL) + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/") + resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) }) } -const ( - LDAPAddress = "127.0.0.1" - LDAPBaseDN = "ou=test" - LDAPBindDN = "cn=reader," + LDAPBaseDN - LDAPBindPassword = "bindPassword" -) - type testLDAPServer struct { server *vldap.Server quitCh chan bool 
@@ -1958,7 +1985,7 @@ func (l *testLDAPServer) Bind(bindDN, bindSimplePw string, conn net.Conn) (vldap } if (bindDN == LDAPBindDN && bindSimplePw == LDAPBindPassword) || - (bindDN == fmt.Sprintf("cn=%s,%s", username, LDAPBaseDN) && bindSimplePw == passphrase) { + (bindDN == fmt.Sprintf("cn=%s,%s", username, LDAPBaseDN) && bindSimplePw == password) { return vldap.LDAPResultSuccess, nil } @@ -2030,11 +2057,11 @@ func TestBasicAuthWithLDAP(t *testing.T) { So(err, ShouldBeNil) // with creds, should get expected status code - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL) + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNotFound) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -2073,6 +2100,7 @@ func TestGroupsPermissionsForLDAP(t *testing.T) { }, } + repoName, seed := test.GenerateRandomName() conf.HTTP.AccessControl = &config.AccessControlConfig{ Groups: config.Groups{ group: { @@ -2080,7 +2108,7 @@ func TestGroupsPermissionsForLDAP(t *testing.T) { }, }, Repositories: config.Repositories{ - repo: config.PolicyGroup{ + repoName: config.PolicyGroup{ Policies: []config.Policy{ { Groups: []string{group}, @@ -2097,6 +2125,7 @@ func TestGroupsPermissionsForLDAP(t *testing.T) { } ctlr := makeController(conf, tempDir) + ctlr.Log.Info().Int64("seed", seed).Msg("random seed for repoName") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) @@ -2105,8 +2134,8 @@ func TestGroupsPermissionsForLDAP(t *testing.T) { img := CreateDefaultImage() err = UploadImageWithBasicAuth( - img, baseURL, repo, img.DigestStr(), - username, passphrase) + img, baseURL, repoName, img.DigestStr(), + username, password) So(err, ShouldBeNil) }) } 
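Review bot: `Bind` in the `@@ -1958` hunk compares against `username` and `password`, which have to be package-level identifiers here, while several tests changed by this commit now declare locals with the same names (`username, seedUser := test.GenerateRandomString()` in the hunks at -3491, -3600 and -3714, for example). Inside those tests the names refer to the random htpasswd account rather than the account the test LDAP server accepts, which makes it easy to send the wrong pair to the wrong backend without the compiler noticing. Renaming the package-level pair, for instance to `ldapUsername`/`ldapPassword`, or naming the locals `htpasswdUsername`/`htpasswdPassword` as TestOpenIDMiddleware already does, would remove the ambiguity. The method body starts and ends outside the hunk.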
@@ -2207,7 +2236,11 @@ func TestBearerAuth(t *testing.T) { So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusNoContent) - resp, err = resty.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/") + s1, seed1 := test.GenerateRandomName() + s2, seed2 := test.GenerateRandomName() + repoName := s1 + "/" + s2 + ctlr.Log.Info().Int64("seed1", seed1).Int64("seed2", seed2).Msg("random seeds for repoName") + resp, err = resty.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized) @@ -2225,7 +2258,7 @@ func TestBearerAuth(t *testing.T) { resp, err = resty.R(). SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)). - Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/") + Post(baseURL + "/v2/" + repoName + "/blobs/uploads/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) @@ -2265,7 +2298,7 @@ func TestBearerAuth(t *testing.T) { resp, err = resty.R(). SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)). - Get(baseURL + "/v2/" + AuthorizedNamespace + "/tags/list") + Get(baseURL + "/v2/" + repoName + "/tags/list") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized) @@ -2283,7 +2316,7 @@ func TestBearerAuth(t *testing.T) { resp, err = resty.R(). SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)). - Get(baseURL + "/v2/" + AuthorizedNamespace + "/tags/list") + Get(baseURL + "/v2/" + repoName + "/tags/list") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) 
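Review bot: The block in the `@@ -2207` hunk that builds `repoName` from two `test.GenerateRandomName()` calls and logs both seeds is repeated verbatim in TestBearerAuthWithAllowReadAccess (-2398) and TestHTTPReadOnly (-4459); a helper returning the two-segment name would keep the three copies in step. The constant it replaces was named `AuthorizedNamespace`, which told the reader why the bearer token was expected to be accepted for that path. A one-line comment such as `// any namespace works: the token is requested for the scope named in the challenge` would keep that intent, if that is indeed how the test's token server behaves. The test body starts and ends outside the hunk.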
@@ -2361,7 +2394,7 @@ func TestBearerAuthWithAllowReadAccess(t *testing.T) { conf.HTTP.AccessControl = &config.AccessControlConfig{ Repositories: config.Repositories{ - AuthorizationAllRepos: config.PolicyGroup{ + test.AuthorizationAllRepos: config.PolicyGroup{ AnonymousPolicy: []string{"read"}, }, }, @@ -2398,7 +2431,11 @@ func TestBearerAuthWithAllowReadAccess(t *testing.T) { So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) - resp, err = resty.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/") + s1, seed1 := test.GenerateRandomName() + s2, seed2 := test.GenerateRandomName() + repoName := s1 + "/" + s2 + ctlr.Log.Info().Int64("seed1", seed1).Int64("seed2", seed2).Msg("random seeds for repoName") + resp, err = resty.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized) @@ -2416,7 +2453,7 @@ func TestBearerAuthWithAllowReadAccess(t *testing.T) { resp, err = resty.R(). SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)). - Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/") + Post(baseURL + "/v2/" + repoName + "/blobs/uploads/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) @@ -2456,7 +2493,7 @@ func TestBearerAuthWithAllowReadAccess(t *testing.T) { resp, err = resty.R(). SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)). - Get(baseURL + "/v2/" + AuthorizedNamespace + "/tags/list") + Get(baseURL + "/v2/" + repoName + "/tags/list") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized) 
@@ -2474,7 +2511,7 @@ func TestBearerAuthWithAllowReadAccess(t *testing.T) { resp, err = resty.R(). SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)). - Get(baseURL + "/v2/" + AuthorizedNamespace + "/tags/list") + Get(baseURL + "/v2/" + repoName + "/tags/list") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -2605,8 +2642,9 @@ func TestOpenIDMiddleware(t *testing.T) { } // need a username different than ldap one, to test both logic - content := fmt.Sprintf("%s:$2y$05$hlbSXDp6hzDLu6VwACS39ORvVRpr3OMR4RlJ31jtlaOEGnPjKZI1m\n", htpasswdUsername) - htpasswdPath := test.MakeHtpasswdFileFromString(content) + htpasswdUsername, seedUser := test.GenerateRandomString() + htpasswdPassword, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(htpasswdUsername, htpasswdPassword)) defer os.Remove(htpasswdPath) @@ -2683,6 +2721,7 @@ func TestOpenIDMiddleware(t *testing.T) { } ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") for _, testcase := range testCases { t.Run(testcase.testCaseName, func(t *testing.T) { @@ -2721,7 +2760,7 @@ func TestOpenIDMiddleware(t *testing.T) { client := resty.New() // without header should not create session - resp, err := client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL + "/v2/") + resp, err := client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL + "/v2/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) 
@@ -2732,7 +2771,7 @@ func TestOpenIDMiddleware(t *testing.T) { client.SetHeader(constants.SessionClientHeaderName, constants.SessionClientHeaderValue) - resp, err = client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL + "/v2/") + resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL + "/v2/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -2745,7 +2784,7 @@ func TestOpenIDMiddleware(t *testing.T) { client.SetCookies(resp.Cookies()) // should get same cookie - resp, err = client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL + "/v2/") + resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL + "/v2/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -2754,8 +2793,7 @@ func TestOpenIDMiddleware(t *testing.T) { So(err, ShouldBeNil) So(sessionsNo, ShouldEqual, 1) - resp, err = client.R(). - SetBasicAuth(htpasswdUsername, passphrase). + resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword). Get(baseURL + constants.FullMgmt) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -2770,7 +2808,7 @@ func TestOpenIDMiddleware(t *testing.T) { So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) - resp, err = client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL + "/v2/") + resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL + "/v2/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) 
@@ -2850,18 +2888,17 @@ func TestOpenIDMiddleware(t *testing.T) { // first login user // with creds, should get expected status code - resp, err = client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL) + resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) - resp, err = client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL + "/v2/") + resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL + "/v2/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) - resp, err = client.R(). - SetBasicAuth(htpasswdUsername, passphrase). + resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword). Get(baseURL + constants.FullMgmt) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -2913,18 +2950,17 @@ func TestOpenIDMiddleware(t *testing.T) { // first login user // with creds, should get expected status code - resp, err = client.R().SetBasicAuth(username, passphrase).Get(baseURL) + resp, err = client.R().SetBasicAuth(username, password).Get(baseURL) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) - resp, err = client.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/") + resp, err = client.R().SetBasicAuth(username, password).Get(baseURL + "/v2/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) - resp, err = client.R(). - SetBasicAuth(username, passphrase). + resp, err = client.R().SetBasicAuth(username, password). Get(baseURL + constants.FullMgmt) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) 
@@ -3086,9 +3122,9 @@ func TestAuthnSessionErrors(t *testing.T) { invalidSessionID := "sessionID" // need a username different than ldap one, to test both logic - content := fmt.Sprintf("%s:$2y$05$hlbSXDp6hzDLu6VwACS39ORvVRpr3OMR4RlJ31jtlaOEGnPjKZI1m\n", htpasswdUsername) - - htpasswdPath := test.MakeHtpasswdFileFromString(content) + htpasswdUsername, seedUser := test.GenerateRandomString() + htpasswdPassword, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(htpasswdUsername, htpasswdPassword)) defer os.Remove(htpasswdPath) ldapServer := newTestLDAPServer() @@ -3157,6 +3193,7 @@ func TestAuthnSessionErrors(t *testing.T) { } ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") ctlr.Config.Storage.RootDirectory = rootDir @@ -3175,8 +3212,7 @@ func TestAuthnSessionErrors(t *testing.T) { }, } - resp, err := client.R(). - SetBasicAuth(htpasswdUsername, passphrase). + resp, err := client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword). Get(baseURL + "/v2/_catalog") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -3192,8 +3228,7 @@ func TestAuthnSessionErrors(t *testing.T) { }, } - resp, err := client.R(). - SetBasicAuth(username, passphrase). + resp, err := client.R().SetBasicAuth(username, password). Get(baseURL + "/v2/_catalog") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) 
@@ -3335,16 +3370,14 @@ func TestAuthnSessionErrors(t *testing.T) { client.SetHeader(constants.SessionClientHeaderName, constants.SessionClientHeaderValue) // first htpasswd saveSessionLoggedUser() error - resp, err := client.R(). - SetBasicAuth(htpasswdUsername, passphrase). + resp, err := client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword). Get(baseURL + "/v2/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusInternalServerError) // second ldap saveSessionLoggedUser() error - resp, err = client.R(). - SetBasicAuth(username, passphrase). + resp, err = client.R().SetBasicAuth(username, password). Get(baseURL + "/v2/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -3448,7 +3481,7 @@ func TestAuthnSessionErrors(t *testing.T) { session.ID = invalidSessionID session.IsNew = false session.Values["authStatus"] = false - session.Values["username"] = username + session.Values["test.Username"] = username cookieStore, ok := ctlr.CookieStore.Store.(*sessions.FilesystemStore) So(ok, ShouldBeTrue) @@ -3491,7 +3524,9 @@ func TestAuthnMetaDBErrors(t *testing.T) { conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) mockOIDCServer, err := authutils.MockOIDCRun() @@ -3527,6 +3562,7 @@ func TestAuthnMetaDBErrors(t *testing.T) { } ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") ctlr.Config.Storage.RootDirectory = rootDir 
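Review bot: The session key in the `@@ -3448` hunk changed from `"username"` to `"test.Username"`, which looks like an identifier rename applied inside a string literal. The test stores `authStatus` as false together with this value, so if the server reads the user from `"username"` the case now exercises a session with no user at all rather than an unauthenticated one, and can pass for the wrong reason. Unless the server really uses the new key, restore `session.Values["username"] = username`. The test body starts and ends outside the hunk.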
@@ -3545,8 +3581,7 @@ func TestAuthnMetaDBErrors(t *testing.T) { }, } - resp, err := client.R(). - SetBasicAuth(username, passphrase). + resp, err := client.R().SetBasicAuth(username, password). Get(baseURL + "/v2/_catalog") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -3600,7 +3635,9 @@ func TestAuthorization(t *testing.T) { baseURL := test.GetBaseURL(port) conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -3610,7 +3647,7 @@ func TestAuthorization(t *testing.T) { } conf.HTTP.AccessControl = &config.AccessControlConfig{ Repositories: config.Repositories{ - AuthorizationAllRepos: config.PolicyGroup{ + test.AuthorizationAllRepos: config.PolicyGroup{ Policies: []config.Policy{ { Users: []string{}, @@ -3655,6 +3692,7 @@ func TestAuthorization(t *testing.T) { } ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") ctlr.Config.Storage.RootDirectory = t.TempDir() err = WriteImageToFileSystem(CreateDefaultImage(), "zot-test", "0.0.1", @@ -3670,7 +3708,7 @@ func TestAuthorization(t *testing.T) { client.SetRedirectPolicy(test.CustomRedirectPolicy(20)) mockOIDCServer.QueueUser(&mockoidc.MockUser{ - Email: "test", + Email: username, Subject: "1234567890", }) @@ -3686,7 +3724,7 @@ func TestAuthorization(t *testing.T) { client.SetCookies(resp.Cookies()) client.SetHeader(constants.SessionClientHeaderName, constants.SessionClientHeaderValue) - RunAuthorizationTests(t, client, baseURL, conf) + RunAuthorizationTests(t, client, baseURL, username, conf) }) Convey("with basic auth", func() { 
@@ -3702,9 +3740,9 @@ func TestAuthorization(t *testing.T) { defer cm.StopServer() client := resty.New() - client.SetBasicAuth(username, passphrase) + client.SetBasicAuth(username, password) - RunAuthorizationTests(t, client, baseURL, conf) + RunAuthorizationTests(t, client, baseURL, username, conf) }) }) } @@ -3714,7 +3752,9 @@ func TestGetUsername(t *testing.T) { port := test.GetFreePort() baseURL := test.GetBaseURL(port) - htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase)) + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) conf := config.New() @@ -3727,6 +3767,7 @@ func TestGetUsername(t *testing.T) { dir := t.TempDir() ctlr := makeController(conf, dir) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) @@ -3759,7 +3800,7 @@ func TestGetUsername(t *testing.T) { err = json.Unmarshal(resp.Body(), &e) So(err, ShouldBeNil) - resp, err = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/_catalog") + resp, err = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/_catalog") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) 
@@ -4010,10 +4051,9 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T) baseURL := test.GetBaseURL(port) badpassphrase := "bad" - htpasswdContent := fmt.Sprintf("%s:$2y$05$hlbSXDp6hzDLu6VwACS39ORvVRpr3OMR4RlJ31jtlaOEGnPjKZI1m\n", - htpasswdUsername) - - htpasswdPath := test.MakeHtpasswdFileFromString(htpasswdContent) + htpasswdUsername, seedUser := test.GenerateRandomString() + htpasswdPassword, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(htpasswdUsername, htpasswdPassword)) defer os.Remove(htpasswdPath) img := CreateRandomImage() @@ -4044,6 +4084,7 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T) dir := t.TempDir() ctlr := makeController(conf, dir) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) defer cm.StopServer() @@ -4064,16 +4105,14 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T) So(resp.StatusCode(), ShouldEqual, http.StatusOK) // Can access /v2 with correct credentials - resp, err = resty.R(). - SetBasicAuth(htpasswdUsername, passphrase). + resp, err = resty.R().SetBasicAuth(htpasswdUsername, htpasswdPassword). Get(baseURL + "/v2/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) // Fail to access /v2 with incorrect credentials - resp, err = resty.R(). - SetBasicAuth(htpasswdUsername, badpassphrase). + resp, err = resty.R().SetBasicAuth(htpasswdUsername, badpassphrase). Get(baseURL + "/v2/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) 
@@ -4098,8 +4137,7 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T) err = json.Unmarshal(resp.Body(), &apiError) So(err, ShouldBeNil) - resp, err = resty.R(). - SetBasicAuth(htpasswdUsername, passphrase). + resp, err = resty.R().SetBasicAuth(htpasswdUsername, htpasswdPassword). Get(baseURL + "/v2/_catalog") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -4124,7 +4162,7 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T) So(err, ShouldNotBeNil) err = UploadImageWithBasicAuth(img, baseURL, - TestRepo, tagAuth, htpasswdUsername, passphrase) + TestRepo, tagAuth, htpasswdUsername, htpasswdPassword) So(err, ShouldNotBeNil) err = UploadImageWithBasicAuth(img, baseURL, @@ -4145,7 +4183,7 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T) So(err, ShouldBeNil) err = UploadImageWithBasicAuth(img, baseURL, - TestRepo, tagAuth, htpasswdUsername, passphrase) + TestRepo, tagAuth, htpasswdUsername, htpasswdPassword) So(err, ShouldBeNil) err = UploadImageWithBasicAuth(img, baseURL, @@ -4187,8 +4225,7 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T) Repositories []string `json:"repositories"` }{} - resp, err = resty.R(). - SetBasicAuth(htpasswdUsername, passphrase). + resp, err = resty.R().SetBasicAuth(htpasswdUsername, htpasswdPassword). Get(baseURL + "/v2/_catalog") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) @@ -4199,8 +4236,7 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T) So(len(catalog.Repositories), ShouldEqual, 1) So(catalog.Repositories, ShouldContain, TestRepo) - resp, err = resty.R(). - SetBasicAuth(htpasswdUsername, badpassphrase). + resp, err = resty.R().SetBasicAuth(htpasswdUsername, badpassphrase). Get(baseURL + "/v2/_catalog") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) 
@@ -4215,9 +4251,13 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) { conf := config.New() conf.HTTP.Port = port - // have two users: "test" user for user Policy, and "bob" for default policy - htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase) + - "\n" + getCredString("bob", passphrase)) + // have two users: one for user Policy, and another for default policy + username1, seedUser1 := test.GenerateRandomString() + password1, seedPass1 := test.GenerateRandomString() + username2, seedUser2 := test.GenerateRandomString() + password2, seedPass2 := test.GenerateRandomString() + content := test.GetCredString(username1, password1) + test.GetCredString(username2, password2) + htpasswdPath := test.MakeHtpasswdFileFromString(content) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -4228,7 +4268,7 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) { // config with all policy types, to test that the correct one is applied in each case conf.HTTP.AccessControl = &config.AccessControlConfig{ Repositories: config.Repositories{ - AuthorizationAllRepos: config.PolicyGroup{ + test.AuthorizationAllRepos: config.PolicyGroup{ Policies: []config.Policy{ { Users: []string{}, @@ -4276,6 +4316,10 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) { } ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser1", seedUser1).Int64("seedPass1", seedPass1). + Msg("random seed for username & password") + ctlr.Log.Info().Int64("seedUser2", seedUser2).Int64("seedPass2", seedPass2). + Msg("random seed for username & password") ctlr.Config.Storage.RootDirectory = dir err = WriteImageToFileSystem(CreateDefaultImage(), "zot-test", "0.0.1", @@ -4291,7 +4335,7 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) { testUserClient.SetRedirectPolicy(test.CustomRedirectPolicy(20)) mockOIDCServer.QueueUser(&mockoidc.MockUser{ - Email: "test", + Email: username1, Subject: "1234567890", }) 
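Review bot: The htpasswd content in the `@@ -4215` hunk is now `test.GetCredString(username1, password1) + test.GetCredString(username2, password2)`, without the `"\n"` the old code put between the two entries. `GetCredString` is not visible here, but TestHTTPReadOnly in this same commit still appends `"\n"` to its output for one variant, which suggests it may not terminate its line; in that case the two users fuse into a single entry and the second account, the one meant to fall under the default policy, would not exist. Either keep the separator explicit, `test.GetCredString(username1, password1) + "\n" + test.GetCredString(username2, password2)`, or state in the helper's doc comment that it returns a newline-terminated line. The test body starts and ends outside the hunk.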
@@ -4312,7 +4356,7 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) { bobUserClient.SetRedirectPolicy(test.CustomRedirectPolicy(20)) mockOIDCServer.QueueUser(&mockoidc.MockUser{ - Email: "bob", + Email: username2, Subject: "1234567890", }) @@ -4328,7 +4372,7 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) { bobUserClient.SetCookies(resp.Cookies()) bobUserClient.SetHeader(constants.SessionClientHeaderName, constants.SessionClientHeaderValue) - RunAuthorizationWithMultiplePoliciesTests(t, testUserClient, bobUserClient, baseURL, conf) + RunAuthorizationWithMultiplePoliciesTests(t, testUserClient, bobUserClient, baseURL, username1, username2, conf) }) Convey("with basic auth", func() { @@ -4345,13 +4389,13 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) { cm.StartAndWait(port) defer cm.StopServer() - testUserClient := resty.New() - testUserClient.SetBasicAuth(username, passphrase) + userClient1 := resty.New() + userClient1.SetBasicAuth(username1, password1) - bobUserClient := resty.New() - bobUserClient.SetBasicAuth("bob", passphrase) + userClient2 := resty.New() + userClient2.SetBasicAuth(username2, password2) - RunAuthorizationWithMultiplePoliciesTests(t, testUserClient, bobUserClient, baseURL, conf) + RunAuthorizationWithMultiplePoliciesTests(t, userClient1, userClient2, baseURL, username1, username2, conf) }) }) } @@ -4363,8 +4407,9 @@ func TestInvalidCases(t *testing.T) { conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase)) - + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ 
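Review bot: In the OIDC branch (`@@ -4312` and `@@ -4328` hunks) the clients are still named `testUserClient` and `bobUserClient` although the accounts are now the random `username1` and `username2`, while the basic-auth branch in `@@ -4345` was renamed to `userClient1`/`userClient2`. Using the same pair of names in both branches would make it clear which client maps to which policy when reading `RunAuthorizationWithMultiplePoliciesTests(t, ..., username1, username2, conf)`. The test body starts and ends outside these hunks.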
@@ -4375,6 +4420,7 @@ func TestInvalidCases(t *testing.T) { dir := t.TempDir() ctlr := makeController(conf, dir) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) @@ -4410,7 +4456,7 @@ func TestInvalidCases(t *testing.T) { params["mount"] = digest postResponse, err := client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(params). + SetBasicAuth(username, password).SetQueryParams(params). Post(fmt.Sprintf("%s/v2/%s/blobs/uploads/", baseURL, name)) So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusInternalServerError) @@ -4420,10 +4466,10 @@ func TestInvalidCases(t *testing.T) { func TestHTTPReadOnly(t *testing.T) { Convey("Single cred", t, func() { singleCredtests := []string{} - user := ALICE - password := ALICE - singleCredtests = append(singleCredtests, getCredString(user, password)) - singleCredtests = append(singleCredtests, getCredString(user, password)+"\n") + user, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + singleCredtests = append(singleCredtests, test.GetCredString(user, password)) + singleCredtests = append(singleCredtests, test.GetCredString(user, password)+"\n") port := test.GetFreePort() baseURL := test.GetBaseURL(port) @@ -4435,7 +4481,7 @@ func TestHTTPReadOnly(t *testing.T) { // enable read-only mode conf.HTTP.AccessControl = &config.AccessControlConfig{ Repositories: config.Repositories{ - AuthorizationAllRepos: config.PolicyGroup{ + test.AuthorizationAllRepos: config.PolicyGroup{ DefaultPolicy: []string{"read"}, }, }, @@ -4449,6 +4495,7 @@ func TestHTTPReadOnly(t *testing.T) { }, } ctlr := makeController(conf, t.TempDir()) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) 
@@ -4459,9 +4506,13 @@ func TestHTTPReadOnly(t *testing.T) { So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) + s1, seed1 := test.GenerateRandomName() + s2, seed2 := test.GenerateRandomName() + repoName := s1 + "/" + s2 + ctlr.Log.Info().Int64("seed1", seed1).Int64("seed2", seed2).Msg("random seeds for repoName") // with creds, any modifications should still fail on read-only mode resp, err := resty.R().SetBasicAuth(user, password). - Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/") + Post(baseURL + "/v2/" + repoName + "/blobs/uploads/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusForbidden) @@ -4482,8 +4533,9 @@ func TestCrossRepoMount(t *testing.T) { conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase)) - + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -4494,6 +4546,7 @@ func TestCrossRepoMount(t *testing.T) { dir := t.TempDir() ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") ctlr.Config.Storage.RootDirectory = dir ctlr.Config.Storage.RemoteCache = false @@ -4518,7 +4571,7 @@ func TestCrossRepoMount(t *testing.T) { params["from"] = name client := resty.New() - headResponse, err := client.R().SetBasicAuth(username, passphrase). + headResponse, err := client.R().SetBasicAuth(username, password). Head(fmt.Sprintf("%s/v2/%s/blobs/%s", baseURL, name, manifestDigest)) So(err, ShouldBeNil) So(headResponse.StatusCode(), ShouldEqual, http.StatusOK) 
@@ -4527,7 +4580,7 @@ func TestCrossRepoMount(t *testing.T) { params["mount"] = "sha:" postResponse, err := client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(params). + SetBasicAuth(username, password).SetQueryParams(params). Post(baseURL + "/v2/zot-c-test/blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted) @@ -4541,7 +4594,7 @@ func TestCrossRepoMount(t *testing.T) { incorrectParams["from"] = "zot-x-test" postResponse, err = client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(incorrectParams). + SetBasicAuth(username, password).SetQueryParams(incorrectParams). Post(baseURL + "/v2/zot-y-test/blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted) @@ -4552,7 +4605,7 @@ func TestCrossRepoMount(t *testing.T) { // This is correct request but it will return 202 because blob is not present in cache. params["mount"] = string(manifestDigest) postResponse, err = client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(params). + SetBasicAuth(username, password).SetQueryParams(params). Post(baseURL + "/v2/zot-c-test/blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted) 
@@ -4561,30 +4614,30 @@ func TestCrossRepoMount(t *testing.T) { // Send same request again postResponse, err = client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(params). + SetBasicAuth(username, password).SetQueryParams(params). Post(baseURL + "/v2/zot-c-test/blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted) // Valid requests postResponse, err = client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(params). + SetBasicAuth(username, password).SetQueryParams(params). Post(baseURL + "/v2/zot-d-test/blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted) - headResponse, err = client.R().SetBasicAuth(username, passphrase). + headResponse, err = client.R().SetBasicAuth(username, password). Head(fmt.Sprintf("%s/v2/zot-cv-test/blobs/%s", baseURL, manifestDigest)) So(err, ShouldBeNil) So(headResponse.StatusCode(), ShouldEqual, http.StatusNotFound) postResponse, err = client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(params).Post(baseURL + "/v2/zot-c-test/blobs/uploads/") + SetBasicAuth(username, password).SetQueryParams(params).Post(baseURL + "/v2/zot-c-test/blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted) postResponse, err = client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(params). + SetBasicAuth(username, password).SetQueryParams(params). Post(baseURL + "/v2/ /blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusNotFound) 
@@ -4597,7 +4650,7 @@ func TestCrossRepoMount(t *testing.T) { } postResponse, err = client.R().SetHeader("Content-type", "application/octet-stream"). - SetBasicAuth(username, passphrase).SetQueryParam("digest", "sha256:"+blob). + SetBasicAuth(username, password).SetQueryParam("digest", "sha256:"+blob). SetBody(buf).Post(baseURL + "/v2/zot-d-test/blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusCreated) @@ -4625,7 +4678,7 @@ func TestCrossRepoMount(t *testing.T) { params["mount"] = string(manifestDigest) postResponse, err = client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(params). + SetBasicAuth(username, password).SetQueryParams(params). Post(baseURL + "/v2/zot-mount-test/blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusCreated) @@ -4650,7 +4703,7 @@ func TestCrossRepoMount(t *testing.T) { params["mount"] = string(manifestDigest) params["from"] = "zot-mount-test" postResponse, err = client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(params). + SetBasicAuth(username, password).SetQueryParams(params). Post(baseURL + "/v2/zot-mount1-test/blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusCreated) @@ -4664,7 +4717,7 @@ func TestCrossRepoMount(t *testing.T) { So(os.SameFile(cacheFi, linkFi), ShouldEqual, true) - headResponse, err = client.R().SetBasicAuth(username, passphrase). + headResponse, err = client.R().SetBasicAuth(username, password). Head(fmt.Sprintf("%s/v2/zot-cv-test/blobs/%s", baseURL, manifestDigest)) So(err, ShouldBeNil) So(headResponse.StatusCode(), ShouldEqual, http.StatusOK) 
@@ -4673,7 +4726,7 @@ func TestCrossRepoMount(t *testing.T) { params = make(map[string]string) params["mount"] = "sha256:" postResponse, err = client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(params). + SetBasicAuth(username, password).SetQueryParams(params). Post(baseURL + "/v2/zot-mount-test/blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted) @@ -4681,7 +4734,7 @@ func TestCrossRepoMount(t *testing.T) { params = make(map[string]string) params["from"] = "zot-cve-test" postResponse, err = client.R(). - SetBasicAuth(username, passphrase).SetQueryParams(params). + SetBasicAuth(username, password).SetQueryParams(params). Post(baseURL + "/v2/zot-mount-test/blobs/uploads/") So(err, ShouldBeNil) So(postResponse.StatusCode(), ShouldEqual, http.StatusMethodNotAllowed) @@ -4693,7 +4746,7 @@ func TestCrossRepoMount(t *testing.T) { conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase)) + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) @@ -4724,7 +4777,7 @@ func TestCrossRepoMount(t *testing.T) { digest := godigest.FromBytes(image.Layers[0]) name := "zot-c-test" client := resty.New() - headResponse, err := client.R().SetBasicAuth(username, passphrase). + headResponse, err := client.R().SetBasicAuth(username, password). Head(fmt.Sprintf("%s/v2/%s/blobs/%s", baseURL, name, digest)) So(err, ShouldBeNil) So(headResponse.StatusCode(), ShouldEqual, http.StatusNotFound) 
@@ -4834,7 +4887,13 @@ func TestParallelRequests(t *testing.T) { conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase)) + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) + + t.Cleanup(func() { + os.Remove(htpasswdPath) + }) conf.HTTP.Auth = &config.AuthConfig{ HTPasswd: config.AuthHTPasswd{ @@ -4852,6 +4911,7 @@ func TestParallelRequests(t *testing.T) { subPaths["/b"] = config.StorageConfig{RootDirectory: secondSubDir} ctlr := makeController(conf, dir) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") ctlr.Config.Storage.SubPaths = subPaths testImagesDir := t.TempDir() @@ -4875,7 +4935,7 @@ func TestParallelRequests(t *testing.T) { t.Parallel() client := resty.New() - tagResponse, err := client.R().SetBasicAuth(username, passphrase). + tagResponse, err := client.R().SetBasicAuth(username, password). Get(baseURL + "/v2/" + testcase.destImageName + "/tags/list") assert.Equal(t, err, nil, "Error should be nil") assert.NotEqual(t, tagResponse.StatusCode(), http.StatusBadRequest, "bad request") 
@@ -4883,12 +4943,12 @@ func TestParallelRequests(t *testing.T) { manifestList := getAllManifests(path.Join(testImagesDir, testcase.srcImageName)) for _, manifest := range manifestList { - headResponse, err := client.R().SetBasicAuth(username, passphrase). + headResponse, err := client.R().SetBasicAuth(username, password). Head(baseURL + "/v2/" + testcase.destImageName + "/manifests/" + manifest) assert.Equal(t, err, nil, "Error should be nil") assert.Equal(t, headResponse.StatusCode(), http.StatusNotFound, "response status code should return 404") - getResponse, err := client.R().SetBasicAuth(username, passphrase). + getResponse, err := client.R().SetBasicAuth(username, password). Get(baseURL + "/v2/" + testcase.destImageName + "/manifests/" + manifest) assert.Equal(t, err, nil, "Error should be nil") assert.Equal(t, getResponse.StatusCode(), http.StatusNotFound, "response status code should return 404") @@ -4898,16 +4958,14 @@ func TestParallelRequests(t *testing.T) { for _, blob := range blobList { // Get request of blob - headResponse, err := client.R(). - SetBasicAuth(username, passphrase). + headResponse, err := client.R().SetBasicAuth(username, password). Head(baseURL + "/v2/" + testcase.destImageName + "/blobs/sha256:" + blob) assert.Equal(t, err, nil, "Should not be nil") assert.NotEqual(t, headResponse.StatusCode(), http.StatusInternalServerError, "internal server error should not occurred") - getResponse, err := client.R(). - SetBasicAuth(username, passphrase). + getResponse, err := client.R().SetBasicAuth(username, password). Get(baseURL + "/v2/" + testcase.destImageName + "/blobs/sha256:" + blob) assert.Equal(t, err, nil, "Should not be nil") 
@@ -4924,7 +4982,7 @@ func TestParallelRequests(t *testing.T) { // Post request of blob postResponse, err := client.R(). SetHeader("Content-type", "application/octet-stream"). - SetBasicAuth(username, passphrase). + SetBasicAuth(username, password). SetBody(buf).Post(baseURL + "/v2/" + testcase.destImageName + "/blobs/uploads/") assert.Equal(t, err, nil, "Error should be nil") @@ -4935,7 +4993,7 @@ func TestParallelRequests(t *testing.T) { if run%2 == 0 { postResponse, err = client.R(). SetHeader("Content-type", "application/octet-stream"). - SetBasicAuth(username, passphrase). + SetBasicAuth(username, password). SetBody(buf). Post(baseURL + "/v2/" + testcase.destImageName + "/blobs/uploads/") @@ -4982,7 +5040,7 @@ func TestParallelRequests(t *testing.T) { SetHeader("Content-Type", "application/octet-stream"). SetHeader("Content-Length", fmt.Sprintf("%d", nbytes)). SetHeader("Content-Range", fmt.Sprintf("%d", readContent)+"-"+fmt.Sprintf("%d", readContent+nbytes-1)). - SetBasicAuth(username, passphrase). + SetBasicAuth(username, password). Patch(baseURL + "/v2/" + testcase.destImageName + "/blobs/uploads/" + sessionID) assert.Equal(t, err, nil, "Error should be nil") @@ -5003,7 +5061,7 @@ func TestParallelRequests(t *testing.T) { // Patch request of blob patchResponse, err := client.R().SetBody(buf[0:nbytes]).SetHeader("Content-type", "application/octet-stream"). - SetBasicAuth(username, passphrase). + SetBasicAuth(username, password). Patch(baseURL + "/v2/" + testcase.destImageName + "/blobs/uploads/" + sessionID) if err != nil { panic(err) @@ -5017,7 +5075,7 @@ func TestParallelRequests(t *testing.T) { } else { postResponse, err = client.R(). SetHeader("Content-type", "application/octet-stream"). - SetBasicAuth(username, passphrase). + SetBasicAuth(username, password). SetBody(buf).SetQueryParam("digest", "sha256:"+blob). Post(baseURL + "/v2/" + testcase.destImageName + "/blobs/uploads/") 
@@ -5027,26 +5085,26 @@ func TestParallelRequests(t *testing.T) { } headResponse, err = client.R(). - SetBasicAuth(username, passphrase). + SetBasicAuth(username, password). Head(baseURL + "/v2/" + testcase.destImageName + "/blobs/sha256:" + blob) assert.Equal(t, err, nil, "Should not be nil") assert.NotEqual(t, headResponse.StatusCode(), http.StatusInternalServerError, "response should return success code") getResponse, err = client.R(). - SetBasicAuth(username, passphrase). + SetBasicAuth(username, password). Get(baseURL + "/v2/" + testcase.destImageName + "/blobs/sha256:" + blob) assert.Equal(t, err, nil, "Should not be nil") assert.NotEqual(t, getResponse.StatusCode(), http.StatusInternalServerError, "response should return success code") } - tagResponse, err = client.R().SetBasicAuth(username, passphrase). + tagResponse, err = client.R().SetBasicAuth(username, password). Get(baseURL + "/v2/" + testcase.destImageName + "/tags/list") assert.Equal(t, err, nil, "Error should be nil") assert.Equal(t, tagResponse.StatusCode(), http.StatusOK, "response status code should return success code") - repoResponse, err := client.R().SetBasicAuth(username, passphrase). + repoResponse, err := client.R().SetBasicAuth(username, password). Get(baseURL + constants.RoutePrefix + constants.ExtCatalogPrefix) assert.Equal(t, err, nil, "Error should be nil") assert.Equal(t, repoResponse.StatusCode(), http.StatusOK, "response status code should return success code") @@ -7173,7 +7231,7 @@ func TestManifestCollision(t *testing.T) { conf.HTTP.AccessControl = &config.AccessControlConfig{ Repositories: config.Repositories{ - AuthorizationAllRepos: config.PolicyGroup{ + test.AuthorizationAllRepos: config.PolicyGroup{ AnonymousPolicy: []string{ constants.ReadPermission, constants.CreatePermission, 
@@ -7231,9 +7289,9 @@ func TestManifestCollision(t *testing.T) { So(resp.StatusCode(), ShouldEqual, http.StatusConflict) // remove detectManifestCollision action from ** (all repos) - repoPolicy := conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] + repoPolicy := conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] repoPolicy.AnonymousPolicy = []string{"read", "delete"} - conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = repoPolicy + conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = repoPolicy resp, err = resty.R().Delete(baseURL + "/v2/index/manifests/" + digest.String()) So(err, ShouldBeNil) @@ -8246,7 +8304,7 @@ func TestSearchRoutes(t *testing.T) { user1 := "test" password1 := "test" - testString1 := getCredString(user1, password1) + testString1 := test.GetCredString(user1, password1) htpasswdPath := test.MakeHtpasswdFileFromString(testString1) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -8395,7 +8453,7 @@ func TestSearchRoutes(t *testing.T) { user1 := "test1" password1 := "test1" group1 := "testgroup3" - testString1 := getCredString(user1, password1) + testString1 := test.GetCredString(user1, password1) htpasswdPath := test.MakeHtpasswdFileFromString(testString1) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -8478,7 +8536,7 @@ func TestSearchRoutes(t *testing.T) { password1 := "test2" group1 := "testgroup1" group2 := "secondtestgroup" - testString1 := getCredString(user1, password1) + testString1 := test.GetCredString(user1, password1) htpasswdPath := test.MakeHtpasswdFileFromString(testString1) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ 
@@ -8546,7 +8604,7 @@ func TestSearchRoutes(t *testing.T) { user1 := "test3" password1 := "test3" group1 := "testgroup" - testString1 := getCredString(user1, password1) + testString1 := test.GetCredString(user1, password1) htpasswdPath := test.MakeHtpasswdFileFromString(testString1) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -8614,7 +8672,7 @@ func TestSearchRoutes(t *testing.T) { user1 := "test4" password1 := "test4" group1 := "testgroup1" - testString1 := getCredString(user1, password1) + testString1 := test.GetCredString(user1, password1) htpasswdPath := test.MakeHtpasswdFileFromString(testString1) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -8682,7 +8740,7 @@ func TestSearchRoutes(t *testing.T) { user1 := "test5" password1 := "test5" group1 := "testgroup2" - testString1 := getCredString(user1, password1) + testString1 := test.GetCredString(user1, password1) htpasswdPath := test.MakeHtpasswdFileFromString(testString1) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -8736,13 +8794,12 @@ func TestSearchRoutes(t *testing.T) { conf.HTTP.Port = port defaultVal := true - group1 := group - user1 := username - password1 := passphrase - - testString1 := getCredString(user1, password1) - htpasswdPath := test.MakeHtpasswdFileFromString(testString1) + group1, seedGroup1 := test.GenerateRandomString() + user1, seedUser1 := test.GenerateRandomString() + password1, seedPass1 := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(user1, password1)) defer os.Remove(htpasswdPath) + conf.HTTP.Auth = &config.AuthConfig{ HTPasswd: config.AuthHTPasswd{ Path: htpasswdPath, 
@@ -8781,6 +8838,8 @@ func TestSearchRoutes(t *testing.T) { } ctlr := makeController(conf, tempDir) + ctlr.Log.Info().Int64("seedUser1", seedUser1).Int64("seedPass1", seedPass1). + Int64("seedGroup1", seedGroup1).Msg("random seed for username,password & group") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) @@ -9152,7 +9211,7 @@ func makeController(conf *config.Config, dir string) *api.Controller { } func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.Client, bobClient *resty.Client, - baseURL string, conf *config.Config, + baseURL, user1, user2 string, conf *config.Config, ) { t.Helper() @@ -9165,9 +9224,9 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 401) - repoPolicy := conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] + repoPolicy := conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] repoPolicy.AnonymousPolicy = append(repoPolicy.AnonymousPolicy, "read") - conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = repoPolicy + conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = repoPolicy // should have access to /v2/, anonymous policy is applied, "read" allowed resp, err = resty.R().Get(baseURL + "/v2/") @@ -9181,8 +9240,8 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) - // add "test" user to global policy with create permission - repoPolicy.Policies[0].Users = append(repoPolicy.Policies[0].Users, "test") + // add user1 to global policy with create permission + repoPolicy.Policies[0].Users = append(repoPolicy.Policies[0].Users, user1) repoPolicy.Policies[0].Actions = append(repoPolicy.Policies[0].Actions, "create") // now it should get 202, user has the permission set on "create" 
@@ -9216,7 +9275,7 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C So(resp.StatusCode(), ShouldEqual, http.StatusForbidden) repoPolicy.DefaultPolicy = append(repoPolicy.DefaultPolicy, "read") - conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = repoPolicy + conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = repoPolicy // with read permission should get 200, because default policy allows reading now resp, err = userClient.R().Get(baseURL + "/v2/" + AuthorizationNamespace + "/tags/list") @@ -9243,8 +9302,8 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusForbidden) - // add read permission to user "bob" - conf.HTTP.AccessControl.AdminPolicy.Users = append(conf.HTTP.AccessControl.AdminPolicy.Users, "bob") + // add read permission to user2" + conf.HTTP.AccessControl.AdminPolicy.Users = append(conf.HTTP.AccessControl.AdminPolicy.Users, user2) conf.HTTP.AccessControl.AdminPolicy.Actions = append(conf.HTTP.AccessControl.AdminPolicy.Actions, "create") // added create permission to user "bob", should be allowed now @@ -9286,7 +9345,7 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C So(catalog.Repositories, ShouldContain, AuthorizationNamespace) // no policy - conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = config.PolicyGroup{} + conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = config.PolicyGroup{} // no policies, so no anonymous allowed resp, err = resty.R().Get(baseURL + "/v2/_catalog") 
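Review bot: The rewritten comment in the `@@ -9243,8 +9302,8 @@` hunk, `// add read permission to user2"`, has a stray quote and does not describe the two lines under it, which append `user2` to `AdminPolicy.Users` and `"create"` to `AdminPolicy.Actions`. The context comment that follows still names `user "bob"`, although the user is now a parameter. In an authorization test the comment is what tells a reader which grant is expected to turn the preceding 403 into a success, so it should name the real grant: `// add user2 to the admin policy with create permission`, followed by `// user2 now has create via the admin policy, should be allowed`. The function body starts and ends outside this hunk.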
@@ -9315,7 +9374,7 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C So(len(catalog.Repositories), ShouldEqual, 0) } -func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, conf *config.Config) { +func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL, user string, conf *config.Config) { t.Helper() Convey("run authorization tests", func() { @@ -9351,9 +9410,8 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c // first let's use global based policies // add test user to global policy with create perm - conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Users = append(conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Users, "test") //nolint:lll // gofumpt conflicts with lll - - conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions, "create") //nolint:lll // gofumpt conflicts with lll + conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Users = append(conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Users, user) //nolint:lll // gofumpt conflicts with lll + conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions, "create") //nolint:lll // gofumpt conflicts with lll // now it should get 202 resp, err = client.R().Post(baseURL + "/v2/" + AuthorizationNamespace + "/blobs/uploads/") 
@@ -9386,7 +9444,7 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c So(resp.StatusCode(), ShouldEqual, http.StatusForbidden) // get tags with read access should get 200 - conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions, "read") //nolint:lll // gofumpt conflicts with lll + conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions, "read") //nolint:lll // gofumpt conflicts with lll resp, err = client.R().Get(baseURL + "/v2/" + AuthorizationNamespace + "/tags/list") So(err, ShouldBeNil) @@ -9412,7 +9470,7 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c So(resp.StatusCode(), ShouldEqual, http.StatusForbidden) // add delete perm on repo - conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions, "delete") //nolint:lll // gofumpt conflicts with lll + conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions, "delete") //nolint:lll // gofumpt conflicts with lll // delete blob should get 202 resp, err = client.R().Delete(baseURL + "/v2/" + AuthorizationNamespace + "/blobs/" + digest) 
@@ -9433,7 +9491,7 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c DefaultPolicy: []string{}, } - conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Users = append(conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Users, "test") //nolint:lll // gofumpt conflicts with lll + conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Users = append(conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Users, user) //nolint:lll // gofumpt conflicts with lll conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Actions, "create") //nolint:lll // gofumpt conflicts with lll // now it should get 202 @@ -9507,10 +9565,10 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) // remove permissions on **/* so it will not interfere with zot-test namespace - repoPolicy := conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] + repoPolicy := conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] repoPolicy.Policies = []config.Policy{} repoPolicy.DefaultPolicy = []string{} - conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = repoPolicy + conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = repoPolicy // get manifest should get 403, we don't have perm at all on this repo resp, err = client.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1") @@ -9521,7 +9579,7 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c // add read perm on repo conf.HTTP.AccessControl.Repositories["zot-test"] = config.PolicyGroup{Policies: []config.Policy{ { - Users: []string{"test"}, + Users: []string{user}, Actions: []string{"read"}, }, }, DefaultPolicy: []string{}} 
@@ -9729,7 +9787,7 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c So(resp.StatusCode(), ShouldEqual, http.StatusForbidden) // add read perm - conf.HTTP.AccessControl.AdminPolicy.Users = append(conf.HTTP.AccessControl.AdminPolicy.Users, "test") + conf.HTTP.AccessControl.AdminPolicy.Users = append(conf.HTTP.AccessControl.AdminPolicy.Users, user) conf.HTTP.AccessControl.AdminPolicy.Actions = append(conf.HTTP.AccessControl.AdminPolicy.Actions, "read") // with read perm should get 200 diff --git a/pkg/api/routes_test.go b/pkg/api/routes_test.go index 4d050dd3..d9b7bc4e 100644 --- a/pkg/api/routes_test.go +++ b/pkg/api/routes_test.go @@ -44,8 +44,11 @@ func TestRoutes(t *testing.T) { conf := config.New() conf.HTTP.Port = port - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) + mockOIDCServer, err := mockoidc.Run() if err != nil { panic(err) @@ -79,6 +82,7 @@ func TestRoutes(t *testing.T) { } ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") ctlr.Config.Storage.RootDirectory = t.TempDir() ctlr.Config.Storage.Commit = true diff --git a/pkg/cli/client/client_test.go b/pkg/cli/client/client_test.go index 6192d441..4a8e24e8 100644 --- a/pkg/cli/client/client_test.go +++ b/pkg/cli/client/client_test.go 
@@ -25,18 +25,13 @@ import ( ) const ( - BaseURL1 = "http://127.0.0.1:8088" BaseSecureURL1 = "https://127.0.0.1:8088" HOST1 = "127.0.0.1:8088" SecurePort1 = "8088" - BaseURL2 = "http://127.0.0.1:8089" BaseSecureURL2 = "https://127.0.0.1:8089" SecurePort2 = "8089" - BaseURL3 = "http://127.0.0.1:8090" BaseSecureURL3 = "https://127.0.0.1:8090" SecurePort3 = "8090" - username = "test" - passphrase = "test" ServerCert = "../../../test/data/server.cert" ServerKey = "../../../test/data/server.key" CACert = "../../../test/data/ca.crt" @@ -55,7 +50,9 @@ func TestTLSWithAuth(t *testing.T) { defer func() { resty.SetTLSClientConfig(nil) }() conf := config.New() conf.HTTP.Port = SecurePort1 - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -76,6 +73,7 @@ func TestTLSWithAuth(t *testing.T) { } ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") ctlr.Config.Storage.RootDirectory = t.TempDir() cm := test.NewControllerManager(ctlr) cm.StartAndWait(conf.HTTP.Port) @@ -116,7 +114,7 @@ func TestTLSWithAuth(t *testing.T) { So(err, ShouldNotBeNil) So(imageBuff.String(), ShouldContainSubstring, "check credentials") - user := fmt.Sprintf("%s:%s", username, passphrase) + user := fmt.Sprintf("%s:%s", username, password) args = []string{"-u", user, "--config", "imagetest"} configPath = makeConfigFile( fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`, diff --git a/pkg/cli/server/config_reloader_test.go b/pkg/cli/server/config_reloader_test.go index eb8fdcf7..c54a12d3 100644 --- a/pkg/cli/server/config_reloader_test.go +++ b/pkg/cli/server/config_reloader_test.go 
@@ -11,7 +11,6 @@ import ( "time" . "github.com/smartystreets/goconvey/convey" - "golang.org/x/crypto/bcrypt" cli "zotregistry.io/zot/pkg/cli/server" test "zotregistry.io/zot/pkg/test/common" @@ -32,14 +31,7 @@ func TestConfigReloader(t *testing.T) { username := "alice" password := "alice" - hash, err := bcrypt.GenerateFromPassword([]byte(password), 10) - if err != nil { - panic(err) - } - - usernameAndHash := fmt.Sprintf("%s:%s", username, string(hash)) - - htpasswdPath := test.MakeHtpasswdFileFromString(usernameAndHash) + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) defer os.Remove(logFile.Name()) // clean up diff --git a/pkg/debug/pprof/pprof_test.go b/pkg/debug/pprof/pprof_test.go index f1ceb6c9..d5ff6125 100644 --- a/pkg/debug/pprof/pprof_test.go +++ b/pkg/debug/pprof/pprof_test.go @@ -22,14 +22,14 @@ func TestProfilingAuthz(t *testing.T) { Convey("Make a new controller", t, func() { port := test.GetFreePort() baseURL := test.GetBaseURL(port) - adminUsername := "admin" - adminPassword := "admin" - username := "test" - password := "test" - authorizationAllRepos := "**" + adminUsername, seedAdminUser := test.GenerateRandomString() + adminPassword, seedAdminPass := test.GenerateRandomString() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + authorizationAllRepos := test.AuthorizationAllRepos testCreds := test.GetCredString(adminUsername, adminPassword) + - "\n" + test.GetCredString(username, password) + test.GetCredString(username, password) htpasswdPath := test.MakeHtpasswdFileFromString(testCreds) defer os.Remove(htpasswdPath) 
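Review bot: Dropping the explicit `"\n"` between the two `test.GetCredString(...)` calls in the `TestProfilingAuthz` hunk makes the htpasswd content depend on `GetCredString` terminating each entry with a newline, which this hunk does not show (the helper is presumably changed in `pkg/test/common/utils.go` in the same commit). If that contract is ever lost, both entries end up on one line and the non-admin account is no longer a separate htpasswd entry, so the profiling authz checks for that user would presumably be exercising a failed login rather than an authorization denial. A comment above `testCreds` would pin the assumption: `// GetCredString ends every entry with "\n", so entries are concatenated directly`. The Convey body continues outside the hunk.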
@@ -98,6 +98,9 @@ func TestProfilingAuthz(t *testing.T) { } ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedAdminUser", seedAdminUser).Int64("seedAdminPass", seedAdminPass). + Msg("random seed for admin username & password") + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) defer cm.StopServer() diff --git a/pkg/extensions/extensions_test.go b/pkg/extensions/extensions_test.go index 9f106367..002825cc 100644 --- a/pkg/extensions/extensions_test.go +++ b/pkg/extensions/extensions_test.go @@ -140,7 +140,9 @@ func TestMgmtExtension(t *testing.T) { mockOIDCConfig := mockOIDCServer.Config() Convey("Verify mgmt auth info route enabled with htpasswd", t, func() { - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) conf.HTTP.Auth.HTPasswd.Path = htpasswdPath conf.Extensions = &extconf.ExtensionConfig{} @@ -154,6 +156,7 @@ func TestMgmtExtension(t *testing.T) { defer os.Remove(logFile.Name()) // cleanup ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") subPaths := make(map[string]config.StorageConfig) subPaths["/a"] = config.StorageConfig{RootDirectory: t.TempDir()} @@ -202,7 +205,7 @@ func TestMgmtExtension(t *testing.T) { So(mgmtResp.HTTP.Auth.LDAP, ShouldBeNil) // with credentials - resp, err = resty.R().SetBasicAuth("test", "test").Get(baseURL + constants.FullMgmt) + resp, err = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullMgmt) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) 
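Review bot: The seeds are recorded with `ctlr.Log.Info()` in the `@@ -154,6 +156,7 @@` hunk (and in the other added `random seed for username & password` lines on this page), yet the context line just above removes a log file with `defer os.Remove(logFile.Name())`. If the controller writes to that file (the log configuration is outside the hunk), the seed is deleted together with it and a failing run cannot be reproduced. The seed presumably regenerates the username and password, so it belongs in the test's own output rather than in the server log. `t.Logf("seedUser=%d seedPass=%d", seedUser, seedPass)` is printed on failure or with `-v` and does not depend on the controller's log sink.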
@@ -215,12 +218,13 @@ func TestMgmtExtension(t *testing.T) { So(mgmtResp.HTTP.Auth.LDAP, ShouldBeNil) // with wrong credentials - resp, err = resty.R().SetBasicAuth("test", "wrong").Get(baseURL + constants.FullMgmt) + resp, err = resty.R().SetBasicAuth(username, "wrong").Get(baseURL + constants.FullMgmt) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized) }) Convey("Verify mgmt auth info route enabled with ldap", t, func() { + defer os.Remove(conf.HTTP.Auth.HTPasswd.Path) // cleanup of a file created in previous Convey conf.HTTP.Auth.LDAP = &config.LDAPConfig{ BindDN: "binddn", BaseDN: "basedn", @@ -281,7 +285,10 @@ func TestMgmtExtension(t *testing.T) { }) Convey("Verify mgmt auth info route enabled with htpasswd + ldap", t, func() { - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) + defer os.Remove(htpasswdPath) conf.HTTP.Auth.HTPasswd.Path = htpasswdPath conf.HTTP.Auth.LDAP = &config.LDAPConfig{ BindDN: "binddn", @@ -300,6 +307,7 @@ func TestMgmtExtension(t *testing.T) { defer os.Remove(logFile.Name()) // cleanup ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") subPaths := make(map[string]config.StorageConfig) subPaths["/a"] = config.StorageConfig{RootDirectory: t.TempDir()} @@ -342,7 +350,7 @@ func TestMgmtExtension(t *testing.T) { So(mgmtResp.HTTP.Auth.Bearer, ShouldBeNil) // with credentials - resp, err = resty.R().SetBasicAuth("test", "test").Get(baseURL + constants.FullMgmt) + resp, err = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullMgmt) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) 
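Review bot: The added `defer os.Remove(conf.HTTP.Auth.HTPasswd.Path)` in the ldap Convey deletes a file that was created by the previous Convey (`htpasswdPath := test.MakeHtpasswdFileFromString(...)` in the `@@ -140,7 +142,9 @@` hunk), so that htpasswd file stays in the temp directory whenever the ldap block does not run, for example after a panic in the first block. The later htpasswd Conveys in this file already remove their own file with `defer os.Remove(htpasswdPath)`. Registering the removal where the file is created, `t.Cleanup(func() { os.Remove(htpasswdPath) })`, keeps the path valid for the ldap block (assuming it still needs it through the shared `conf`) and removes the file when the test ends. The Convey bodies extend beyond these hunks.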
@@ -356,7 +364,10 @@ func TestMgmtExtension(t *testing.T) { }) Convey("Verify mgmt auth info route enabled with htpasswd + ldap + bearer", t, func() { - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) + defer os.Remove(htpasswdPath) conf.HTTP.Auth.HTPasswd.Path = htpasswdPath conf.HTTP.Auth.LDAP = &config.LDAPConfig{ BindDN: "binddn", @@ -380,6 +391,7 @@ func TestMgmtExtension(t *testing.T) { defer os.Remove(logFile.Name()) // cleanup ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") ctlr.Config.Storage.RootDirectory = t.TempDir() @@ -420,7 +432,7 @@ func TestMgmtExtension(t *testing.T) { So(mgmtResp.HTTP.Auth.Bearer.Service, ShouldEqual, "service") // with credentials - resp, err = resty.R().SetBasicAuth("test", "test").Get(baseURL + constants.FullMgmt) + resp, err = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullMgmt) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -629,7 +641,10 @@ func TestMgmtExtension(t *testing.T) { }) Convey("Verify mgmt auth info route enabled with empty openID provider list", t, func() { - htpasswdPath := test.MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) + defer os.Remove(htpasswdPath) conf.HTTP.Auth.HTPasswd.Path = htpasswdPath conf.HTTP.Auth.LDAP = nil 
@@ -652,6 +667,7 @@ func TestMgmtExtension(t *testing.T) { defer os.Remove(logFile.Name()) // cleanup ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") ctlr.Config.Storage.RootDirectory = t.TempDir() diff --git a/pkg/extensions/lint/lint_test.go b/pkg/extensions/lint/lint_test.go index 9a784bf5..5f42d825 100644 --- a/pkg/extensions/lint/lint_test.go +++ b/pkg/extensions/lint/lint_test.go @@ -28,19 +28,6 @@ import ( ociutils "zotregistry.io/zot/pkg/test/oci-utils" ) -const ( - username = "test" - passphrase = "test" - ServerCert = "../../test/data/server.cert" - ServerKey = "../../test/data/server.key" - CACert = "../../test/data/ca.crt" - AuthorizedNamespace = "everyone/isallowed" - UnauthorizedNamespace = "fortknox/notallowed" - ALICE = "alice" - AuthorizationNamespace = "authz/image" - AuthorizationAllRepos = "**" -) - func TestVerifyMandatoryAnnotations(t *testing.T) { //nolint: dupl Convey("Mandatory annotations disabled", t, func() { @@ -67,8 +54,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) { cm.StartAndWait(port) defer cm.StopServer() - resp, err := resty.R().SetBasicAuth(username, passphrase). - Get(baseURL + "/v2/zot-test/manifests/0.0.1") + resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -114,8 +100,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) { cm.StartAndWait(port) defer cm.StopServer() - resp, err := resty.R().SetBasicAuth(username, passphrase). - Get(baseURL + "/v2/zot-test/manifests/0.0.1") + resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) 
@@ -161,8 +146,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) { cm.StartAndWait(port) defer cm.StopServer() - resp, err := resty.R().SetBasicAuth(username, passphrase). - Get(baseURL + "/v2/zot-test/manifests/0.0.1") + resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -214,8 +198,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) { cm.StartAndWait(port) defer cm.StopServer() - resp, err := resty.R().SetBasicAuth(username, passphrase). - Get(baseURL + "/v2/zot-test/manifests/0.0.1") + resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -232,8 +215,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) { configDigest := manifest.Config.Digest - resp, err = resty.R().SetBasicAuth(username, passphrase). - Get(baseURL + fmt.Sprintf("/v2/zot-test/blobs/%s", configDigest)) + resp, err = resty.R().Get(baseURL + fmt.Sprintf("/v2/zot-test/blobs/%s", configDigest)) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -302,8 +284,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) { cm.StartAndWait(port) defer cm.StopServer() - resp, err := resty.R().SetBasicAuth(username, passphrase). - Get(baseURL + "/v2/zot-test/manifests/0.0.1") + resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) 
@@ -319,8 +300,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) { configDigest := manifest.Config.Digest - resp, err = resty.R().SetBasicAuth(username, passphrase). - Get(baseURL + fmt.Sprintf("/v2/zot-test/blobs/%s", configDigest)) + resp, err = resty.R().Get(baseURL + fmt.Sprintf("/v2/zot-test/blobs/%s", configDigest)) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -389,8 +369,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) { cm.StartAndWait(port) defer cm.StopServer() - resp, err := resty.R().SetBasicAuth(username, passphrase). - Get(baseURL + "/v2/zot-test/manifests/0.0.1") + resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) @@ -445,8 +424,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) { cm.StartAndWait(port) defer cm.StopServer() - resp, err := resty.R().SetBasicAuth(username, passphrase). - Get(baseURL + "/v2/zot-test/manifests/0.0.1") + resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) diff --git a/pkg/extensions/search/cve/cve_test.go b/pkg/extensions/search/cve/cve_test.go index 32d90591..662c969b 100644 --- a/pkg/extensions/search/cve/cve_test.go +++ b/pkg/extensions/search/cve/cve_test.go @@ -38,18 +38,13 @@ import ( mTypes "zotregistry.io/zot/pkg/meta/types" "zotregistry.io/zot/pkg/storage" "zotregistry.io/zot/pkg/storage/local" - . "zotregistry.io/zot/pkg/test/common" + test "zotregistry.io/zot/pkg/test/common" "zotregistry.io/zot/pkg/test/deprecated" . "zotregistry.io/zot/pkg/test/image-utils" "zotregistry.io/zot/pkg/test/mocks" ociutils "zotregistry.io/zot/pkg/test/oci-utils" ) -const ( - username = "test" - passphrase = "test" -) - type CveResult struct { ImgList ImgList `json:"data"` Errors []ErrorGQL `json:"errors"` 
@@ -418,11 +413,13 @@ func TestImageFormat(t *testing.T) { func TestCVESearchDisabled(t *testing.T) { Convey("Test with CVE search disabled", t, func() { - port := GetFreePort() - baseURL := GetBaseURL(port) + port := test.GetFreePort() + baseURL := test.GetBaseURL(port) conf := config.New() conf.HTTP.Port = port - htpasswdPath := MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ 
@@ -453,27 +450,28 @@ func TestCVESearchDisabled(t *testing.T) { writers := io.MultiWriter(os.Stdout, logFile) ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") ctlr.Log.Logger = ctlr.Log.Output(writers) - ctrlManager := NewControllerManager(ctlr) + ctrlManager := test.NewControllerManager(ctlr) ctrlManager.StartAndWait(port) // Wait for trivy db to download - found, err := ReadLogFileAndSearchString(logPath, "CVE config not provided, skipping CVE update", 90*time.Second) + found, err := test.ReadLogFileAndSearchString(logPath, "CVE config not provided, skipping CVE update", 90*time.Second) So(err, ShouldBeNil) So(found, ShouldBeTrue) defer ctrlManager.StopServer() - resp, _ := resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") + resp, _ := resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") So(string(resp.Body()), ShouldContainSubstring, "search: CVE search is disabled") So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-201-20482\"){Results{RepoName%20Tag}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-201-20482\"){Results{RepoName%20Tag}}}") So(string(resp.Body()), ShouldContainSubstring, "search: CVE search is disabled") So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + 
"randomId" + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + "randomId" + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}") So(resp, ShouldNotBeNil) So(string(resp.Body()), ShouldContainSubstring, "search: CVE search is disabled") So(resp.StatusCode(), ShouldEqual, 200) @@ -483,11 +481,13 @@ func TestCVESearchDisabled(t *testing.T) { func TestCVESearch(t *testing.T) { Convey("Test image vulnerability scanning", t, func() { updateDuration, _ := time.ParseDuration("1h") - port := GetFreePort() - baseURL := GetBaseURL(port) + port := test.GetFreePort() + baseURL := test.GetBaseURL(port) conf := config.New() conf.HTTP.Port = port - htpasswdPath := MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) dbDir, err := testSetup(t) @@ -529,14 +529,15 @@ func TestCVESearch(t *testing.T) { ctlr := api.NewController(conf) ctlr.Log.Logger = ctlr.Log.Output(writers) - ctrlManager := NewControllerManager(ctlr) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") + ctrlManager := test.NewControllerManager(ctlr) ctrlManager.StartAndWait(port) // trivy db download fail err = os.Mkdir(dbDir+"/_trivy", 0o000) So(err, ShouldBeNil) - found, err := ReadLogFileAndSearchString(logPath, "Error downloading Trivy DB to destination dir", 180*time.Second) + found, err := test.ReadLogFileAndSearchString(logPath, "Error downloading Trivy DB to destination dir", 180*time.Second) So(err, ShouldBeNil) So(found, ShouldBeTrue) 
@@ -544,7 +545,7 @@ func TestCVESearch(t *testing.T) { So(err, ShouldBeNil) // Wait for trivy db to download - found, err = ReadLogFileAndSearchString(logPath, "DB update completed, next update scheduled", 180*time.Second) + found, err = test.ReadLogFileAndSearchString(logPath, "DB update completed, next update scheduled", 180*time.Second) So(err, ShouldBeNil) So(found, ShouldBeTrue) @@ -567,21 +568,21 @@ func TestCVESearch(t *testing.T) { So(err, ShouldBeNil) // with creds, should get expected status code - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL) + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 404) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix) + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 422) var cveResult CveResult contains := false - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") err = json.Unmarshal(resp.Body(), &cveResult) So(err, ShouldBeNil) for _, err := range cveResult.Errors { 
@@ -592,7 +593,7 @@ func TestCVESearch(t *testing.T) { } So(contains, ShouldBeTrue) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) @@ -602,7 +603,7 @@ func TestCVESearch(t *testing.T) { cveid := cveResult.ImgList.CVEResultForImage.CVEList[0].ID - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) @@ -611,7 +612,7 @@ func TestCVESearch(t *testing.T) { So(err, ShouldBeNil) So(len(imgListWithCVEFixed.Images), ShouldEqual, 0) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-cve-test\"){Results{RepoName%20LastUpdated}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-cve-test\"){Results{RepoName%20LastUpdated}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) 
@@ -619,11 +620,11 @@ func TestCVESearch(t *testing.T) { So(err, ShouldBeNil) So(len(imgListWithCVEFixed.Images), ShouldEqual, 0) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"b/zot-squashfs-test:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"b/zot-squashfs-test:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) 
@@ -632,108 +633,108 @@ func TestCVESearch(t *testing.T) { So(err, ShouldBeNil) So(len(cveSquashFSResult.ImgList.CVEResultForImage.CVEList), ShouldBeZeroValue) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-noindex:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-noindex:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-noindex\"){Results{RepoName%20LastUpdated}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-noindex\"){Results{RepoName%20LastUpdated}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-invalid-index:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-invalid-index:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, 
passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-invalid-index\"){Results{RepoName%20LastUpdated}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-invalid-index\"){Results{RepoName%20LastUpdated}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-noblobs:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-noblobs:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-noblob\"){Results{RepoName%20LastUpdated}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-noblob\"){Results{RepoName%20LastUpdated}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-test\"){Results{RepoName%20LastUpdated}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + 
"\",image:\"zot-squashfs-test\"){Results{RepoName%20LastUpdated}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-invalid-blob:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-invalid-blob:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-invalid-blob\"){Results{RepoName%20LastUpdated}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-invalid-blob\"){Results{RepoName%20LastUpdated}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + 
"?query={CVEListForImage(image:\"cntos\"){Tag%20CVEList{Id%20Description%20Severity}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"cntos\"){Tag%20CVEList{Id%20Description%20Severity}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-201-20482\"){Results{RepoName%20Tag}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-201-20482\"){Results{RepoName%20Tag}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Tag}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Tag}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Description%20Severity}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Description%20Severity}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), 
ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Description%20Severity}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Description%20Severity}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Severity}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Severity}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Description}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Description}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Description}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + 
"?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Description}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) // Testing Invalid Search URL - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Ta%20CVEList{Id%20Description%20Severity}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Ta%20CVEList{Id%20Description%20Severity}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 422) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(tet:\"CVE-2018-20482\"){Results{RepoName%20Tag}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(tet:\"CVE-2018-20482\"){Results{RepoName%20Tag}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 422) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageistForCVE(id:\"CVE-2018-20482\"){Results{RepoName%20Tag}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageistForCVE(id:\"CVE-2018-20482\"){Results{RepoName%20Tag}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 422) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-2018-20482\"){ame%20Tags}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-2018-20482\"){ame%20Tags}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 422) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + 
"?query={CVEListForImage(reo:\"zot-test:1.0.0\"){Tag%20CVEList{Id%20Description%20Severity}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(reo:\"zot-test:1.0.0\"){Tag%20CVEList{Id%20Description%20Severity}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 422) - resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"" + cveid + "\"){Results{RepoName%20Tag}}}") + resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"" + cveid + "\"){Results{RepoName%20Tag}}}") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, 200) }) @@ -1615,8 +1616,8 @@ func TestFixedTags(t *testing.T) { func TestFixedTagsWithIndex(t *testing.T) { Convey("Test fixed tags", t, func() { tempDir := t.TempDir() - port := GetFreePort() - baseURL := GetBaseURL(port) + port := test.GetFreePort() + baseURL := test.GetBaseURL(port) conf := config.New() conf.HTTP.Port = port defaultVal := true @@ -1644,7 +1645,7 @@ func TestFixedTagsWithIndex(t *testing.T) { ctlr := api.NewController(conf) ctlr.Log.Logger = ctlr.Log.Output(writers) - cm := NewControllerManager(ctlr) + cm := test.NewControllerManager(ctlr) cm.StartAndWait(port) defer cm.StopServer() // push index with 2 manifests: one with vulns and one without @@ -1681,7 +1682,7 @@ func TestFixedTagsWithIndex(t *testing.T) { So(err, ShouldBeNil) // Wait for trivy db to download - found, err := ReadLogFileAndSearchString(logPath, "DB update completed, next update scheduled", 180*time.Second) + found, err := test.ReadLogFileAndSearchString(logPath, "DB update completed, next update scheduled", 180*time.Second) So(err, ShouldBeNil) So(found, ShouldBeTrue) diff --git a/pkg/extensions/search/userprefs_test.go b/pkg/extensions/search/userprefs_test.go index 7d0fda85..3844ec54 100644 
--- a/pkg/extensions/search/userprefs_test.go +++ b/pkg/extensions/search/userprefs_test.go @@ -11,7 +11,6 @@ import ( "testing" . "github.com/smartystreets/goconvey/convey" - "golang.org/x/crypto/bcrypt" "gopkg.in/resty.v1" "zotregistry.io/zot/pkg/api" @@ -23,7 +22,7 @@ import ( "zotregistry.io/zot/pkg/log" "zotregistry.io/zot/pkg/storage" "zotregistry.io/zot/pkg/storage/local" - . "zotregistry.io/zot/pkg/test/common" + test "zotregistry.io/zot/pkg/test/common" "zotregistry.io/zot/pkg/test/deprecated" . "zotregistry.io/zot/pkg/test/image-utils" ) @@ -31,8 +30,8 @@ import ( //nolint:dupl func TestUserData(t *testing.T) { Convey("Test user stars and bookmarks", t, func(c C) { - port := GetFreePort() - baseURL := GetBaseURL(port) + port := test.GetFreePort() + baseURL := test.GetBaseURL(port) defaultVal := true accessibleRepo := "accessible-repo" @@ -44,10 +43,9 @@ func TestUserData(t *testing.T) { simpleUser := "test" simpleUserPassword := "test123" - twoCredTests := fmt.Sprintf("%s\n%s\n\n", getCredString(adminUser, adminPassword), - getCredString(simpleUser, simpleUserPassword)) - - htpasswdPath := MakeHtpasswdFileFromString(twoCredTests) + content := test.GetCredString(adminUser, adminPassword) + + test.GetCredString(simpleUser, simpleUserPassword) + htpasswdPath := test.MakeHtpasswdFileFromString(content) defer os.Remove(htpasswdPath) conf := config.New() @@ -94,7 +92,7 @@ func TestUserData(t *testing.T) { ctlr := api.NewController(conf) - ctlrManager := NewControllerManager(ctlr) + ctlrManager := test.NewControllerManager(ctlr) ctlrManager.StartAndWait(port) defer ctlrManager.StopServer() @@ -458,8 +456,8 @@ func TestUserData(t *testing.T) { } func TestChangingRepoState(t *testing.T) { - port := GetFreePort() - baseURL := GetBaseURL(port) + port := test.GetFreePort() + baseURL := test.GetBaseURL(port) defaultVal := true simpleUser := "test" 
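Review bot: In `TestUserData` the two htpasswd entries are now joined with a bare `+`, where the removed code put `\n` between them, so the file is valid only if `test.GetCredString` ends each entry with a newline. That helper lives in pkg/test/common/utils.go and is not visible here, while the local `getCredString` this commit deletes returned `user:hash` with no terminator. If the shared helper behaves the same way, both users collapse into a single line and at least one of the two logins in this test would stop working. A comment at the call site would pin the contract: `// entries are concatenated as-is: GetCredString must return a newline-terminated line`.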
@@ -468,9 +466,7 @@ func TestChangingRepoState(t *testing.T) { forbiddenRepo := "forbidden" accesibleRepo := "accesible" - credTests := fmt.Sprintf("%s\n\n", getCredString(simpleUser, simpleUserPassword)) - - htpasswdPath := MakeHtpasswdFileFromString(credTests) + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword)) defer os.Remove(htpasswdPath) conf := config.New() @@ -562,7 +558,7 @@ func TestChangingRepoState(t *testing.T) { t.FailNow() } - ctlrManager := NewControllerManager(ctlr) + ctlrManager := test.NewControllerManager(ctlr) ctlrManager.StartAndWait(port) @@ -622,17 +618,15 @@ func TestChangingRepoState(t *testing.T) { func TestGlobalSearchWithUserPrefFiltering(t *testing.T) { Convey("Bookmarks and Stars filtering", t, func() { dir := t.TempDir() - port := GetFreePort() - baseURL := GetBaseURL(port) + port := test.GetFreePort() + baseURL := test.GetBaseURL(port) conf := config.New() conf.HTTP.Port = port conf.Storage.RootDirectory = dir simpleUser := "simpleUser" simpleUserPassword := "simpleUserPass" - credTests := fmt.Sprintf("%s\n\n", getCredString(simpleUser, simpleUserPassword)) - - htpasswdPath := MakeHtpasswdFileFromString(credTests) + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -664,7 +658,7 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) { ctlr := api.NewController(conf) - ctlrManager := NewControllerManager(ctlr) + ctlrManager := test.NewControllerManager(ctlr) ctlrManager.StartAndWait(port) defer ctlrManager.StopServer() 
@@ -750,8 +744,8 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) { So(foundRepos, ShouldContain, common.RepoSummary{Name: sbRepo, IsStarred: true, IsBookmarked: true}) // Filter by IsStarred = true && IsBookmarked = false - query = `{ - GlobalSearch(query:"repo", filter:{ IsStarred:true, IsBookmarked:false }) { + query = `{ + GlobalSearch(query:"repo", filter:{ IsStarred:true, IsBookmarked:false }) { Repos { Name IsStarred IsBookmarked } } }` @@ -771,8 +765,8 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) { So(foundRepos, ShouldContain, common.RepoSummary{Name: sRepo, IsStarred: true, IsBookmarked: false}) // Filter by IsBookmarked = true - query = `{ - GlobalSearch(query:"repo", filter:{ IsBookmarked:true }) { + query = `{ + GlobalSearch(query:"repo", filter:{ IsBookmarked:true }) { Repos { Name IsStarred IsBookmarked } } }` @@ -793,8 +787,8 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) { So(foundRepos, ShouldContain, common.RepoSummary{Name: sbRepo, IsStarred: true, IsBookmarked: true}) // Filter by IsBookmarked = true && IsStarred = false - query = `{ - GlobalSearch(query:"repo", filter:{ IsBookmarked:true, IsStarred:false }) { + query = `{ + GlobalSearch(query:"repo", filter:{ IsBookmarked:true, IsStarred:false }) { Repos { Name IsStarred IsBookmarked } } }` 
@@ -818,17 +812,15 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) { func TestExpandedRepoInfoWithUserPrefs(t *testing.T) { Convey("ExpandedRepoInfo with User Prefs", t, func() { dir := t.TempDir() - port := GetFreePort() - baseURL := GetBaseURL(port) + port := test.GetFreePort() + baseURL := test.GetBaseURL(port) conf := config.New() conf.HTTP.Port = port conf.Storage.RootDirectory = dir simpleUser := "simpleUser" simpleUserPassword := "simpleUserPass" - credTests := fmt.Sprintf("%s\n\n", getCredString(simpleUser, simpleUserPassword)) - - htpasswdPath := MakeHtpasswdFileFromString(credTests) + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ @@ -860,7 +852,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) { ctlr := api.NewController(conf) - ctlrManager := NewControllerManager(ctlr) + ctlrManager := test.NewControllerManager(ctlr) ctlrManager.StartAndWait(port) defer ctlrManager.StopServer() @@ -888,7 +880,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) { { ExpandedRepoInfo(repo:"sbrepo"){ Summary { - Name IsStarred IsBookmarked + Name IsStarred IsBookmarked } } }` @@ -923,7 +915,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) { { ExpandedRepoInfo(repo:"srepo"){ Summary { - Name IsStarred IsBookmarked + Name IsStarred IsBookmarked } } }` @@ -958,7 +950,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) { { ExpandedRepoInfo(repo:"brepo"){ Summary { - Name IsStarred IsBookmarked + Name IsStarred IsBookmarked } } }` @@ -989,7 +981,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) { { ExpandedRepoInfo(repo:"repo"){ Summary { - Name IsStarred IsBookmarked + Name IsStarred IsBookmarked } } }` 
@@ -1017,14 +1009,3 @@ func PutRepoStarURL(repo string) string { func PutRepoBookmarkURL(repo string) string { return fmt.Sprintf("?repo=%s&action=toggleBookmark", repo) } - -func getCredString(username, password string) string { - hash, err := bcrypt.GenerateFromPassword([]byte(password), 10) - if err != nil { - panic(err) - } - - usernameAndHash := fmt.Sprintf("%s:%s", username, string(hash)) - - return usernameAndHash -} diff --git a/pkg/extensions/sync/sync_test.go b/pkg/extensions/sync/sync_test.go index b0519c55..2236ca82 100644 --- a/pkg/extensions/sync/sync_test.go +++ b/pkg/extensions/sync/sync_test.go @@ -69,6 +69,8 @@ const ( ) var ( + username = "test" //nolint: gochecknoglobals + password = "test" //nolint: gochecknoglobals errSync = errors.New("sync error, src oci repo differs from dest one") errBadStatus = errors.New("bad http status") ) @@ -127,7 +129,7 @@ func makeUpstreamServer( var htpasswdPath string if basicAuth { - htpasswdPath = test.MakeHtpasswdFile() + htpasswdPath = test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) srcConfig.HTTP.Auth = &config.AuthConfig{ HTPasswd: config.AuthHTPasswd{ Path: htpasswdPath, @@ -2376,7 +2378,8 @@ func TestBasicAuth(t *testing.T) { defer scm.StopServer() registryName := sync.StripRegistryTransport(srcBaseURL) - credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "test", "password": "test"}}`, registryName)) + credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "%s", "password": "%s"}}`, + registryName, username, password)) var tlsVerify bool @@ -2408,7 +2411,7 @@ func TestBasicAuth(t *testing.T) { var srcTagsList TagsList var destTagsList TagsList - resp, _ := srcClient.R().SetBasicAuth("test", "test").Get(srcBaseURL + "/v2/" + testImage + "/tags/list") + resp, _ := srcClient.R().SetBasicAuth(username, password).Get(srcBaseURL + "/v2/" + testImage + "/tags/list") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) 
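Review bot: `username` and `password` in the sync_test.go `var (` block are never reassigned in the hunks shown, so they can be constants rather than globals that each need `//nolint: gochecknoglobals`. Moving them into the `const (` block directly above as `username = "test"` and `password = "test"` drops both suppressions. The credentials JSON in TestBasicAuth is now built with `%s` from these values, which stays well-formed only while they contain no quote or backslash; a one-line comment at the declaration saying so would help whoever changes them later.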
@@ -2474,8 +2477,8 @@ func TestBasicAuth(t *testing.T) { registryName := sync.StripRegistryTransport(srcBaseURL) - credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "test", "password": "invalid"}}`, - registryName)) + credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "%s", "password": "invalid"}}`, + registryName, username)) var tlsVerify bool @@ -2541,8 +2544,8 @@ func TestBasicAuth(t *testing.T) { registryName := sync.StripRegistryTransport(srcBaseURL) - credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "test", "password": "test"}}`, - registryName)) + credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "%s", "password": "%s"}}`, + registryName, username, password)) err := os.Chmod(credentialsFile, 0o000) So(err, ShouldBeNil) @@ -2614,7 +2617,8 @@ func TestBasicAuth(t *testing.T) { defer scm.StopServer() registryName := sync.StripRegistryTransport(srcBaseURL) - credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "test", "password": "test"}}`, registryName)) + credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "%s", "password": "%s"}}`, + registryName, username, password)) defaultValue := false syncRegistryConfig := syncconf.RegistryConfig{ @@ -2654,7 +2658,7 @@ func TestBasicAuth(t *testing.T) { var srcTagsList TagsList var destTagsList TagsList - resp, _ := srcClient.R().SetBasicAuth("test", "test").Get(srcBaseURL + "/v2/" + testImage + "/tags/list") + resp, _ := srcClient.R().SetBasicAuth(username, password).Get(srcBaseURL + "/v2/" + testImage + "/tags/list") So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) diff --git a/pkg/log/log_test.go b/pkg/log/log_test.go index 6a9fa0e3..ed1c770a 100644 --- a/pkg/log/log_test.go +++ b/pkg/log/log_test.go 
@@ -24,14 +24,7 @@ import ( "zotregistry.io/zot/pkg/api/config" "zotregistry.io/zot/pkg/api/constants" "zotregistry.io/zot/pkg/log" - . "zotregistry.io/zot/pkg/test/common" -) - -const ( - username = "test" - passphrase = "test" - AuthorizedNamespace = "everyone/isallowed" - UnauthorizedNamespace = "fortknox/notallowed" + test "zotregistry.io/zot/pkg/test/common" ) type AuditLog struct { @@ -49,8 +42,8 @@ func TestAuditLogMessages(t *testing.T) { Convey("Make a new controller", t, func() { dir := t.TempDir() - port := GetFreePort() - baseURL := GetBaseURL(port) + port := test.GetFreePort() + baseURL := test.GetBaseURL(port) conf := config.New() outputPath := dir + "/zot.log" @@ -59,7 +52,9 @@ func TestAuditLogMessages(t *testing.T) { conf.HTTP.Port = port - htpasswdPath := MakeHtpasswdFile() + username, seedUser := test.GenerateRandomString() + password, seedPass := test.GenerateRandomString() + htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password)) defer os.Remove(htpasswdPath) conf.HTTP.Auth = &config.AuthConfig{ HTPasswd: config.AuthHTPasswd{ @@ -68,9 +63,10 @@ func TestAuditLogMessages(t *testing.T) { } ctlr := api.NewController(conf) + ctlr.Log.Info().Int64("seedUser", seedUser).Int64("seedPass", seedPass).Msg("random seed for username & password") ctlr.Config.Storage.RootDirectory = dir - ctlrManager := NewControllerManager(ctlr) + ctlrManager := test.NewControllerManager(ctlr) ctlrManager.StartAndWait(port) defer ctlrManager.StopServer() @@ -83,7 +79,7 @@ func TestAuditLogMessages(t *testing.T) { defer auditFile.Close() Convey("Test GET request", func() { - resp, err := resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/") + resp, err := resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/") So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusOK) 
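Review bot: The seed line added after `api.NewController(conf)` in TestAuditLogMessages is written through `ctlr.Log`, and the only log path visible here is `outputPath := dir + "/zot.log"` under `t.TempDir()`. If that is where the controller logs, the seeds are deleted with the directory when the test ends and a failed run cannot be reproduced. Emitting them through the test keeps them in the test output: `t.Logf("seedUser=%d seedPass=%d", seedUser, seedPass)`. Because a seed is enough to regenerate the password, these values should remain throwaway credentials for the local test server only.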
@@ -93,8 +89,9 @@ func TestAuditLogMessages(t *testing.T) { }) Convey("Test POST request", func() { - path := "/v2/" + AuthorizedNamespace + "/blobs/uploads/" - resp, err := resty.R().SetBasicAuth(username, passphrase).Post(baseURL + path) + repoName := "everyone/isallowed" + path := "/v2/" + repoName + "/blobs/uploads/" + resp, err := resty.R().SetBasicAuth(username, password).Post(baseURL + path) So(err, ShouldBeNil) So(resp, ShouldNotBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) @@ -124,10 +121,10 @@ func TestAuditLogMessages(t *testing.T) { Convey("Test PUT and DELETE request", func() { // create upload path := "/v2/repo/blobs/uploads/" - resp, err := resty.R().SetBasicAuth(username, passphrase).Post(baseURL + path) + resp, err := resty.R().SetBasicAuth(username, password).Post(baseURL + path) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) - loc := Location(baseURL, resp) + loc := test.Location(baseURL, resp) So(loc, ShouldNotBeEmpty) location := resp.Header().Get("Location") So(location, ShouldNotBeEmpty) @@ -159,11 +156,11 @@ func TestAuditLogMessages(t *testing.T) { // blob upload resp, err = resty.R().SetQueryParam("digest", digest.String()). - SetBasicAuth(username, passphrase). + SetBasicAuth(username, password). SetHeader("Content-Type", "application/octet-stream").SetBody(content).Put(loc) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusCreated) - blobLoc := Location(baseURL, resp) + blobLoc := test.Location(baseURL, resp) So(blobLoc, ShouldNotBeEmpty) So(resp.Header().Get(constants.DistContentDigestKey), ShouldNotBeEmpty) 
@@ -190,7 +187,7 @@ func TestAuditLogMessages(t *testing.T) { So(auditLog.Object, ShouldEqual, putPath) // delete this blob - resp, err = resty.R().SetBasicAuth(username, passphrase).Delete(blobLoc) + resp, err = resty.R().SetBasicAuth(username, password).Delete(blobLoc) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) So(resp.Header().Get("Content-Length"), ShouldEqual, "0") @@ -220,10 +217,10 @@ func TestAuditLogMessages(t *testing.T) { Convey("Test PATCH request", func() { path := "/v2/repo/blobs/uploads/" - resp, err := resty.R().SetBasicAuth(username, passphrase).Post(baseURL + path) + resp, err := resty.R().SetBasicAuth(username, password).Post(baseURL + path) So(err, ShouldBeNil) So(resp.StatusCode(), ShouldEqual, http.StatusAccepted) - loc := Location(baseURL, resp) + loc := test.Location(baseURL, resp) So(loc, ShouldNotBeEmpty) location := resp.Header().Get("Location") So(location, ShouldNotBeEmpty) @@ -257,7 +254,7 @@ func TestAuditLogMessages(t *testing.T) { // write a chunk contentRange := fmt.Sprintf("%d-%d", 0, len(chunk)-1) - resp, err = resty.R().SetBasicAuth(username, passphrase). + resp, err = resty.R().SetBasicAuth(username, password). SetHeader("Content-Type", "application/octet-stream"). SetHeader("Content-Range", contentRange).SetBody(chunk).Patch(loc) So(err, ShouldBeNil) diff --git a/pkg/storage/cache_benchmark_test.go b/pkg/storage/cache_benchmark_test.go index 962eab9e..0a45cf81 100644 --- a/pkg/storage/cache_benchmark_test.go +++ b/pkg/storage/cache_benchmark_test.go @@ -11,6 +11,7 @@ import ( "zotregistry.io/zot/pkg/log" "zotregistry.io/zot/pkg/storage" "zotregistry.io/zot/pkg/storage/cache" + test "zotregistry.io/zot/pkg/test/common" ) const ( 
@@ -20,32 +21,20 @@ const ( datasetSize int = 5000 ) -func generateRandomString() string { - //nolint: gosec - seededRand := rand.New(rand.NewSource(time.Now().UnixNano())) - charset := "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - - randomBytes := make([]byte, 10) - for i := range randomBytes { - randomBytes[i] = charset[seededRand.Intn(len(charset))] - } - - return string(randomBytes) -} - func generateData() map[godigest.Digest]string { dataMap := make(map[godigest.Digest]string, datasetSize) //nolint: gosec seededRand := rand.New(rand.NewSource(time.Now().UnixNano())) for i := 0; i < datasetSize; i++ { - randomString := generateRandomString() + randomString, _ := test.GenerateRandomString() counter := 0 for seededRand.Float32() < 0.5 && counter < 5 { counter++ randomString += "/" - randomString += generateRandomString() + rs, _ := test.GenerateRandomString() + randomString += rs } digest := godigest.FromString(randomString) dataMap[digest] = randomString @@ -209,7 +198,8 @@ func BenchmarkMixLocal(b *testing.B) { func BenchmarkPutLocalstack(b *testing.B) { log := log.NewLogger("error", "") - tableName := generateRandomString() + tableName, seed := test.GenerateRandomString() + log.Info().Int64("seed", seed).Msg("random seed for tableName") // Create Table _, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", localEndpoint, "create-table", @@ -234,7 +224,8 @@ func BenchmarkPutLocalstack(b *testing.B) { func BenchmarkDeleteLocalstack(b *testing.B) { log := log.NewLogger("error", "") - tableName := generateRandomString() + tableName, seed := test.GenerateRandomString() + log.Info().Int64("seed", seed).Msg("random seed for tableName") // Create Table _, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", localEndpoint, "create-table", 
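Review bot: In BenchmarkPutLocalstack the logger is created with `log.NewLogger("error", "")` and the new seed message is sent with `log.Info()`. If the first argument is the minimum level, as it appears to be, the seed is filtered out and never printed. `b.Logf("random seed for tableName: %d", seed)` would record it regardless of the logger's level. The same pair of lines is added in the other Localstack and AWS benchmark hunks of this file, and each benchmark body continues outside its hunk.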
@@ -263,7 +254,8 @@ func BenchmarkDeleteLocalstack(b *testing.B) { func BenchmarkHasLocalstack(b *testing.B) { log := log.NewLogger("error", "") - tableName := generateRandomString() + tableName, seed := test.GenerateRandomString() + log.Info().Int64("seed", seed).Msg("random seed for tableName") // Create Table _, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", localEndpoint, "create-table", @@ -292,7 +284,8 @@ func BenchmarkHasLocalstack(b *testing.B) { func BenchmarkGetLocalstack(b *testing.B) { log := log.NewLogger("error", "") - tableName := generateRandomString() + tableName, seed := test.GenerateRandomString() + log.Info().Int64("seed", seed).Msg("random seed for tableName") // Create Table _, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", localEndpoint, "create-table", @@ -331,7 +324,8 @@ func BenchmarkGetLocalstack(b *testing.B) { func BenchmarkMixLocalstack(b *testing.B) { log := log.NewLogger("error", "") - tableName := generateRandomString() + tableName, seed := test.GenerateRandomString() + log.Info().Int64("seed", seed).Msg("random seed for tableName") // Create Table _, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", localEndpoint, "create-table", @@ -367,7 +361,8 @@ func BenchmarkMixLocalstack(b *testing.B) { func BenchmarkPutAWS(b *testing.B) { log := log.NewLogger("error", "") - tableName := generateRandomString() + tableName, seed := test.GenerateRandomString() + log.Info().Int64("seed", seed).Msg("random seed for tableName") // Create Table _, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", awsEndpoint, "create-table", 
@@ -392,7 +387,8 @@ func BenchmarkPutAWS(b *testing.B) { func BenchmarkDeleteAWS(b *testing.B) { log := log.NewLogger("error", "") - tableName := generateRandomString() + tableName, seed := test.GenerateRandomString() + log.Info().Int64("seed", seed).Msg("random seed for tableName") // Create Table _, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", awsEndpoint, "create-table", @@ -421,7 +417,8 @@ func BenchmarkDeleteAWS(b *testing.B) { func BenchmarkHasAWS(b *testing.B) { log := log.NewLogger("error", "") - tableName := generateRandomString() + tableName, seed := test.GenerateRandomString() + log.Info().Int64("seed", seed).Msg("random seed for tableName") // Create Table _, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", awsEndpoint, "create-table", @@ -450,7 +447,8 @@ func BenchmarkHasAWS(b *testing.B) { func BenchmarkGetAWS(b *testing.B) { log := log.NewLogger("error", "") - tableName := generateRandomString() + tableName, seed := test.GenerateRandomString() + log.Info().Int64("seed", seed).Msg("random seed for tableName") // Create Table _, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", awsEndpoint, "create-table", @@ -489,7 +487,8 @@ func BenchmarkGetAWS(b *testing.B) { func BenchmarkMixAWS(b *testing.B) { log := log.NewLogger("error", "") - tableName := generateRandomString() + tableName, seed := test.GenerateRandomString() + log.Info().Int64("seed", seed).Msg("random seed for tableName") // Create Table _, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", awsEndpoint, "create-table", diff --git a/pkg/test/common/fs.go b/pkg/test/common/fs.go index 7319b1ab..fe7eb016 100644 --- a/pkg/test/common/fs.go +++ b/pkg/test/common/fs.go 
@@ -212,20 +212,13 @@ func ReadLogFileAndCountStringOccurence(logPath string, stringToMatch string, } } -func MakeHtpasswdFile() string { - // bcrypt(username="test", passwd="test") - content := "test:$2y$05$hlbSXDp6hzDLu6VwACS39ORvVRpr3OMR4RlJ31jtlaOEGnPjKZI1m\n" - - return MakeHtpasswdFileFromString(content) -} - func GetCredString(username, password string) string { hash, err := bcrypt.GenerateFromPassword([]byte(password), 10) if err != nil { panic(err) } - usernameAndHash := fmt.Sprintf("%s:%s", username, string(hash)) + usernameAndHash := fmt.Sprintf("%s:%s\n", username, string(hash)) return usernameAndHash } @@ -236,7 +229,6 @@ func MakeHtpasswdFileFromString(fileContent string) string { panic(err) } - // bcrypt(username="test", passwd="test") content := []byte(fileContent) if err := os.WriteFile(htpasswdFile.Name(), content, 0o600); err != nil { //nolint:gomnd panic(err) diff --git a/pkg/test/common/fs_test.go b/pkg/test/common/fs_test.go index 5165cf01..774bcbbd 100644 --- a/pkg/test/common/fs_test.go +++ b/pkg/test/common/fs_test.go @@ -11,6 +11,7 @@ import ( ispec "github.com/opencontainers/image-spec/specs-go/v1" . "github.com/smartystreets/goconvey/convey" + "golang.org/x/crypto/bcrypt" tcommon "zotregistry.io/zot/pkg/test/common" ) 
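Review bot: `GetCredString` is exported, panics on error and now returns a newline-terminated line, but it has no doc comment saying any of that. I would add `// GetCredString returns the htpasswd line "username:bcrypt-hash\n" for the given credentials.` and `// It panics if bcrypt rejects the password, for example with bcrypt.ErrPasswordTooLong.` above it. The cost literal `10` could be written as `bcrypt.DefaultCost`, which has the same value, so the choice is visible at the call.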
@@ -215,5 +216,61 @@ func TestCopyTestKeysAndCerts(t *testing.T) { err = tcommon.CopyTestKeysAndCerts(file) So(err, ShouldNotBeNil) + + // ----- /test/data doesn't exist ------ + workDir, err := os.Getwd() + So(err, ShouldBeNil) + defer func() { _ = os.Chdir(workDir) }() + + dir = t.TempDir() + file = filepath.Join(dir, "go.mod") + _, err = os.Create(file) + So(err, ShouldBeNil) + _, err = os.Stat(file) + So(err, ShouldBeNil) + err = os.Chdir(dir) + So(err, ShouldBeNil) + err = tcommon.CopyTestKeysAndCerts(dir) + So(err, ShouldNotBeNil) + So(err.Error(), ShouldContainSubstring, "CopyFiles os.Stat failed") + + // --- GetProjectRootDir call fails ----- + err = os.Chdir(os.TempDir()) + So(err, ShouldBeNil) + err = tcommon.CopyTestKeysAndCerts(os.TempDir()) + So(err, ShouldNotBeNil) + So(err, ShouldEqual, tcommon.ErrNoGoModFileFound) + }) +} + +func TestGetProjectRootDir(t *testing.T) { + Convey("GetProjectRootDir", t, func() { + path, err := tcommon.GetProjectRootDir() + So(err, ShouldBeNil) + So(len(path), ShouldBeGreaterThan, 0) + }) + Convey("GetProjectRootDir negative testing", t, func() { + workDir, err := os.Getwd() + So(err, ShouldBeNil) + defer func() { _ = os.Chdir(workDir) }() + + err = os.Chdir(os.TempDir()) + So(err, ShouldBeNil) + path, err := tcommon.GetProjectRootDir() + So(err, ShouldNotBeNil) + So(err, ShouldEqual, tcommon.ErrNoGoModFileFound) + So(path, ShouldBeZeroValue) + }) +} + +func TestGetCredString(t *testing.T) { + Convey("GetCredString panics", t, func() { + passwordSize := 100 + pass := make([]byte, passwordSize) + for i := 0; i < passwordSize; i++ { + pass[i] = 'Y' + } + f := func() { tcommon.GetCredString("testUser", string(pass)) } + So(f, ShouldPanicWith, bcrypt.ErrPasswordTooLong) }) } diff --git a/pkg/test/common/utils.go b/pkg/test/common/utils.go index 43c6102a..65696eb1 100644 --- a/pkg/test/common/utils.go +++ b/pkg/test/common/utils.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + "math/rand" "net/http" "net/url" "os" 
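Review bot: In the "/test/data doesn't exist" part of TestCopyTestKeysAndCerts, `_, err = os.Create(file)` discards the returned file, so the descriptor is never closed. Keep the handle and close it, e.g. `fh, err := os.Create(file)` followed by `So(fh.Close(), ShouldBeNil)`. Both this test and TestGetProjectRootDir call `os.Chdir`, which changes the working directory of the whole test process, so a comment noting that they must not run in parallel with tests that use relative paths would be worth adding. The negative cases also assume that GetProjectRootDir finds no `go.mod` when started from `os.TempDir()`. TestCopyTestKeysAndCerts begins outside the hunk.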
@@ -15,9 +16,10 @@ import ( ) const ( - BaseURL = "http://127.0.0.1:%s" - BaseSecureURL = "https://127.0.0.1:%s" - SleepTime = 100 * time.Millisecond + BaseURL = "http://127.0.0.1:%s" + BaseSecureURL = "https://127.0.0.1:%s" + SleepTime = 100 * time.Millisecond + AuthorizationAllRepos = "**" ) type isser interface { @@ -177,3 +179,35 @@ func CustomRedirectPolicy(noOfRedirect int) resty.RedirectPolicy { return nil }) } + +// Generates a random string with length 10 from lower case & upper case characters and +// a seed that can be logged in tests (if test fails, you can reconstruct random string). +func GenerateRandomString() (string, int64) { + seed := time.Now().UnixNano() + //nolint: gosec + seededRand := rand.New(rand.NewSource(seed)) + charset := "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + + randomBytes := make([]byte, 10) + for i := range randomBytes { + randomBytes[i] = charset[seededRand.Intn(len(charset))] + } + + return string(randomBytes), seed +} + +// Generates a random string with length 10 from lower case characters and digits and +// a seed that can be logged in tests (if test fails, you can reconstruct random string). +func GenerateRandomName() (string, int64) { + seed := time.Now().UnixNano() + //nolint: gosec + seededRand := rand.New(rand.NewSource(seed)) + charset := "abcdefghijklmnopqrstuvwxyz" + "0123456789" + + randomBytes := make([]byte, 10) + for i := range randomBytes { + randomBytes[i] = charset[seededRand.Intn(len(charset))] + } + + return string(randomBytes), seed +}