# Note: Intended to be run as "make run-blackbox-tests" or "make run-blackbox-ci" # Makefile target installs & checks all necessary tooling # Extra tools that are not covered in Makefile target needs to be added in verify_prerequisites() load helpers_zot load helpers_metrics function verify_prerequisites() { if [ ! $(command -v curl) ]; then echo "you need to install curl as a prerequisite to running the tests" >&3 return 1 fi if [ ! $(command -v htpasswd) ]; then echo "you need to install htpasswd as a prerequisite to running the tests" >&3 return 1 fi return 0 } function setup_file() { # verify prerequisites are available if ! $(verify_prerequisites); then exit 1 fi # Setup zot server zot_root_dir=${BATS_FILE_TMPDIR}/zot echo ${zot_root_dir} >&3 zot_log_file=${zot_root_dir}/zot-log.json zot_config_file=${BATS_FILE_TMPDIR}/zot_config.json zot_htpasswd_file=${BATS_FILE_TMPDIR}/zot_htpasswd zot_port=$(get_free_port) echo ${zot_port} > ${BATS_FILE_TMPDIR}/zot.port htpasswd -Bbn ${AUTH_USER} ${AUTH_PASS} >> ${zot_htpasswd_file} htpasswd -Bbn ${METRICS_USER} ${METRICS_PASS} >> ${zot_htpasswd_file} mkdir -p ${zot_root_dir} touch ${zot_log_file} cat >${zot_config_file} <<EOF { "distSpecVersion": "1.1.0", "storage": { "rootDirectory": "${zot_root_dir}" }, "http": { "address": "0.0.0.0", "port": "${zot_port}", "auth": { "htpasswd": { "path": "${zot_htpasswd_file}" } }, "accessControl": { "metrics":{ "users": ["${METRICS_USER}"] }, "repositories": { "**": { "anonymousPolicy": [ "read", "create" ], "defaultPolicy": ["read"] } } } }, "log": { "level": "debug", "output": "${zot_log_file}" } } EOF zot_serve ${ZOT_MINIMAL_PATH} ${zot_config_file} wait_zot_reachable ${zot_port} } function teardown() { # conditionally printing on failure is possible from teardown but not from from teardown_file cat ${BATS_FILE_TMPDIR}/zot/zot-log.json } function teardown_file() { zot_stop_all } @test "unauthorized request to metrics" { # anonymous policy: metrics endpoint should not be available # 401 - http.StatusUnauthorized zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port` run metrics_route_check ${zot_port} "" 401 [ "$status" -eq 0 ] # user is not in htpasswd run metrics_route_check ${zot_port} "-u test:wrongpass" 401 [ "$status" -eq 0 ] # proper user/pass tuple from htpasswd, but user not allowed to access metrics # 403 - http.StatusForbidden run metrics_route_check ${zot_port} "-u ${AUTH_USER}:${AUTH_PASS}" 403 [ "$status" -eq 0 ] } @test "authorized request: metrics enabled" { zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port` run metrics_route_check ${zot_port} "-u ${METRICS_USER}:${METRICS_PASS}" 200 [ "$status" -eq 0 ] }