mirror of
https://github.com/project-zot/zot.git
synced 2024-12-30 22:34:13 -05:00
ada21ed842
Files were added to be built whether an extension is on or off. New build tags were added for each extension, while minimal and extended disappeared. Added custom binary naming depending on extensions used and changed references from binary to binary-extended. Added automated blackbox tests for sync, search, scrub, metrics. Added contributor guidelines. Signed-off-by: Alex Stan <alexandrustan96@yahoo.ro>
//go:build ui_base && needprivileges
|
|
// +build ui_base,needprivileges
|
|
|
|
package cli //nolint:testpackage
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"os"
|
|
"os/exec"
|
|
"path/filepath"
|
|
"testing"
|
|
"time"
|
|
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
"gopkg.in/resty.v1"
|
|
"zotregistry.io/zot/pkg/api"
|
|
"zotregistry.io/zot/pkg/api/config"
|
|
"zotregistry.io/zot/pkg/api/constants"
|
|
)
|
|
|
|
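// TestElevatedPrivilegesTLSNewControllerPrivilegedCert starts a TLS-enabled
// controller and runs the image CLI command against it after installing the
// client and CA test certificates under /etc/containers/certs.d.
//
// The test creates and removes files below /etc, so it needs elevated
// privileges to run.
func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
	const (
		// certsDir is the per-host certificate directory populated for this test.
		// NOTE(review): presumably the CLI under test looks here for client
		// certificates - confirm against the client code.
		certsDir = "/etc/containers/certs.d/127.0.0.1:8089/"
		// testDataDir holds the test certificates, relative to the package directory.
		testDataDir = "../../test/data"
	)

	Convey("Privileged certs - Make a new controller", t, func() {
		if err := os.MkdirAll(certsDir, 0o755); err != nil {
			panic(err)
		}

		// The cleanup has to actually execute: building an exec.Cmd for "rm -rf"
		// and deferring the constructor call removes nothing, which would leave
		// the copied key files (made world-accessible below) in /etc after the
		// test. Best effort: there is nothing useful to do if removal fails.
		defer func() { _ = os.RemoveAll(certsDir) }()

		// Glob with an explicit directory instead of changing the process-wide
		// working directory, so a failed or panicking step cannot leave the
		// test binary running from the wrong directory.
		clientCerts, err := filepath.Glob(filepath.Join(testDataDir, "client.*"))
		So(err, ShouldBeNil)

		caCerts, err := filepath.Glob(filepath.Join(testDataDir, "ca.*"))
		So(err, ShouldBeNil)

		// Client files are copied first, then the CA files.
		for _, file := range append(clientCerts, caCerts...) {
			out, err := exec.Command("cp", file, certsDir).CombinedOutput()
			if err != nil {
				panic(string(out))
			}
		}

		keyFiles, err := filepath.Glob(filepath.Join(certsDir, "*.key"))
		So(err, ShouldBeNil)

		// a=rwx makes every copied private key readable and writable by all
		// local users. That is only tolerable because these are throwaway test
		// keys and certsDir is removed when the test ends.
		for _, file := range keyFiles {
			out, err := exec.Command("chmod", "a=rwx", file).CombinedOutput()
			if err != nil {
				panic(string(out))
			}
		}

		caCert, err := ioutil.ReadFile(CACert)
		So(err, ShouldBeNil)

		// AppendCertsFromPEM reports whether any certificate was parsed; an
		// empty pool would otherwise only surface later as a TLS failure.
		caCertPool := x509.NewCertPool()
		So(caCertPool.AppendCertsFromPEM(caCert), ShouldBeTrue)

		// The resty TLS configuration is global, so reset it when the test ends.
		resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
		defer func() { resty.SetTLSClientConfig(nil) }()

		conf := config.New()
		conf.HTTP.Port = SecurePort2
		conf.HTTP.TLS = &config.TLSConfig{
			Cert:   ServerCert,
			Key:    ServerKey,
			CACert: CACert,
		}

		ctlr := api.NewController(conf)
		ctlr.Config.Storage.RootDirectory = t.TempDir()

		go func() {
			// this blocks
			if err := ctlr.Run(context.Background()); err != nil {
				return
			}
		}()

		// wait till ready
		// NOTE(review): this loop has no deadline; if the controller never
		// starts listening, only the go test timeout stops it.
		for {
			_, err := resty.R().Get(BaseURL2)
			if err == nil {
				break
			}

			time.Sleep(100 * time.Millisecond)
		}

		defer func() {
			ctx := context.Background()
			_ = ctlr.Server.Shutdown(ctx)
		}()

		Convey("Certs in privileged path", func() {
			configPath := makeConfigFile(
				fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
					BaseSecureURL2, constants.RoutePrefix, constants.ExtCatalogPrefix))
			defer os.Remove(configPath)

			args := []string{"imagetest"}
			imageCmd := NewImageCommand(new(searchService))
			imageBuff := bytes.NewBufferString("")
			imageCmd.SetOut(imageBuff)
			imageCmd.SetErr(imageBuff)
			imageCmd.SetArgs(args)

			err := imageCmd.Execute()
			So(err, ShouldBeNil)
		})
	})
}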
|