mirror of
https://github.com/project-zot/zot.git
synced 2025-01-06 22:40:28 -05:00
4e5db84cb1
BREAKING CHANGE: the dist spec version in the config files needs to be bumped to 1.1.0 in order for the config verification to pass without warnings. Also fix 1 dependabot alert for helm. Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
117 lines
3.2 KiB
Bash
117 lines
3.2 KiB
Bash
# Note: Intended to be run as "make run-blackbox-tests" or "make run-blackbox-ci"
|
|
# Makefile target installs & checks all necessary tooling
|
|
# Extra tools that are not covered in Makefile target needs to be added in verify_prerequisites()
|
|
|
|
load helpers_zot
|
|
load helpers_metrics
|
|
|
|
function verify_prerequisites() {
|
|
if [ ! $(command -v curl) ]; then
|
|
echo "you need to install curl as a prerequisite to running the tests" >&3
|
|
return 1
|
|
fi
|
|
|
|
if [ ! $(command -v htpasswd) ]; then
|
|
echo "you need to install htpasswd as a prerequisite to running the tests" >&3
|
|
return 1
|
|
fi
|
|
|
|
return 0
|
|
}
|
|
|
|
function setup_file() {
|
|
# verify prerequisites are available
|
|
if ! $(verify_prerequisites); then
|
|
exit 1
|
|
fi
|
|
|
|
# Setup zot server
|
|
zot_root_dir=${BATS_FILE_TMPDIR}/zot
|
|
echo ${zot_root_dir} >&3
|
|
zot_log_file=${zot_root_dir}/zot-log.json
|
|
zot_config_file=${BATS_FILE_TMPDIR}/zot_config.json
|
|
zot_htpasswd_file=${BATS_FILE_TMPDIR}/zot_htpasswd
|
|
zot_port=$(get_free_port)
|
|
echo ${zot_port} > ${BATS_FILE_TMPDIR}/zot.port
|
|
htpasswd -Bbn ${AUTH_USER} ${AUTH_PASS} >> ${zot_htpasswd_file}
|
|
htpasswd -Bbn ${METRICS_USER} ${METRICS_PASS} >> ${zot_htpasswd_file}
|
|
|
|
mkdir -p ${zot_root_dir}
|
|
touch ${zot_log_file}
|
|
cat >${zot_config_file} <<EOF
|
|
{
|
|
"distSpecVersion": "1.1.0",
|
|
"storage": {
|
|
"rootDirectory": "${zot_root_dir}"
|
|
},
|
|
"http": {
|
|
"address": "0.0.0.0",
|
|
"port": "${zot_port}",
|
|
"auth": {
|
|
"htpasswd": {
|
|
"path": "${zot_htpasswd_file}"
|
|
}
|
|
},
|
|
"accessControl": {
|
|
"metrics":{
|
|
"users": ["${METRICS_USER}"]
|
|
},
|
|
"repositories": {
|
|
"**": {
|
|
"anonymousPolicy": [
|
|
"read"
|
|
],
|
|
"defaultPolicy": ["read","create"]
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"log": {
|
|
"level": "debug",
|
|
"output": "${zot_log_file}"
|
|
},
|
|
"extensions": {
|
|
"metrics": {
|
|
"enable": true,
|
|
"prometheus": {
|
|
"path": "/metrics"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
EOF
|
|
|
|
zot_serve ${ZOT_PATH} ${zot_config_file}
|
|
wait_zot_reachable ${zot_port}
|
|
|
|
}
|
|
|
|
function teardown() {
|
|
# conditionally printing on failure is possible from teardown but not from from teardown_file
|
|
cat ${BATS_FILE_TMPDIR}/zot/zot-log.json
|
|
}
|
|
|
|
function teardown_file() {
|
|
zot_stop_all
|
|
}
|
|
|
|
@test "unauthorized request to metrics" {
|
|
# anonymous policy: metrics endpoint should not be available
|
|
# 401 - http.StatusUnauthorized
|
|
zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port`
|
|
run metrics_route_check ${zot_port} "" 401
|
|
[ "$status" -eq 0 ]
|
|
# user is not in htpasswd
|
|
run metrics_route_check ${zot_port} "-u unlucky:wrongpass" 401
|
|
[ "$status" -eq 0 ]
|
|
# proper user/pass tuple from htpasswd, but user not allowed to access metrics
|
|
# 403 - http.StatusForbidden
|
|
run metrics_route_check ${zot_port} "-u ${AUTH_USER}:${AUTH_PASS}" 403
|
|
[ "$status" -eq 0 ]
|
|
}
|
|
|
|
@test "authorized request: metrics enabled" {
|
|
zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port`
|
|
run metrics_route_check ${zot_port} "-u ${METRICS_USER}:${METRICS_PASS}" 200
|
|
[ "$status" -eq 0 ]
|
|
}
|