mirror of
https://github.com/project-zot/zot.git
synced 2024-12-16 21:56:37 -05:00
c6b822f3dd
fix(authz): fix isAdmin not using groups to determine if a user is admin. fix(authz): return 401 instead of 403. 403 is correct as per the HTTP spec; however, authz is not part of dist-spec and clients know only about 401, so this is a compromise. Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
158 lines
4.9 KiB
Bash
load helpers_zot
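function verify_prerequisites {
    # Check that every external tool this test file depends on is on PATH.
    #
    # Outputs: a one-line hint on fd 3 (the bats terminal stream) naming the
    #          first missing tool.
    # Returns: 0 when all tools are found, 1 on the first one that is missing.
    #
    # regctl is included because every @test in this file invokes it; without
    # the check a missing client surfaces as a test failure instead of a
    # clear setup error.
    local tool
    for tool in curl jq htpasswd regctl; do
        # Test command -v by exit status rather than through an unquoted
        # substitution inside [ ], which word-splits the resolved path.
        if ! command -v "${tool}" >/dev/null 2>&1; then
            echo "you need to install ${tool} as a prerequisite to running the tests" >&3
            return 1
        fi
    done

    return 0
}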
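function setup_file() {
    # One-time fixture for this bats file: writes an htpasswd file and a zot
    # config under BATS_FILE_TMPDIR, starts zot and waits for port 8080.
    #
    # Globals: BATS_FILE_TMPDIR (read), ZOT_PATH (read)
    # Outputs: the storage root directory on fd 3

    # Verify prerequisites are available.
    # Call the function directly: wrapping it in $(...) would run whatever it
    # printed on stdout as a command.
    if ! verify_prerequisites; then
        exit 1
    fi

    # Setup zot server
    local zot_root_dir="${BATS_FILE_TMPDIR}/zot"
    local zot_config_file="${BATS_FILE_TMPDIR}/zot_config.json"
    local zot_htpasswd_file="${BATS_FILE_TMPDIR}/zot_htpasswd"

    # Fixture account only. -b passes the password as a command-line argument
    # (visible in the process list); -B stores a bcrypt hash; -n prints the
    # entry to stdout so it can be redirected into the file.
    htpasswd -Bbn test test123 >> "${zot_htpasswd_file}"

    echo "${zot_root_dir}" >&3

    mkdir -p "${zot_root_dir}"

    # Access control exercised by the tests below:
    #   - anonymousPolicy: unauthenticated callers may only read;
    #   - defaultPolicy:   any authenticated user may read and create, which
    #                      is what lets user "test" push;
    #   - adminPolicy:     names user "admin", for which no htpasswd entry is
    #                      created here, so nothing in this file runs with
    #                      admin rights.
    # The listener is bound to 127.0.0.1 and the config has no TLS section;
    # the first test tells regctl to talk to it without TLS.
    # The heredoc delimiter is unquoted so the two path variables expand.
    cat > "${zot_config_file}" <<EOF
{
    "distSpecVersion":"1.1.0-dev",
    "storage":{
        "dedupe": true,
        "gc": true,
        "gcDelay": "1h",
        "gcInterval": "6h",
        "rootDirectory": "${zot_root_dir}"
    },
    "http": {
        "address": "127.0.0.1",
        "port": "8080",
        "realm":"zot",
        "auth": {
            "htpasswd": {
                "path": "${zot_htpasswd_file}"
            },
            "failDelay": 5
        },
        "accessControl": {
            "repositories": {
                "**": {
                    "anonymousPolicy": ["read"],
                    "defaultPolicy": ["read", "create"]
                }
            },
            "adminPolicy": {
                "users": ["admin"],
                "actions": ["read", "create", "update", "delete"]
            }
        }
    },
    "log":{
        "level":"debug"
    }
}
EOF
    # Quoted so a temp path containing spaces reaches the helper as one argument.
    zot_serve "${ZOT_PATH}" "${zot_config_file}"
    wait_zot_reachable 8080
}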
teardown_file() {
    # Runs once after the last test in this file; delegates to the
    # zot_stop_all helper loaded from helpers_zot.
    zot_stop_all
}
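@test "push image with regclient" {
    # Disabling TLS is only reasonable here because the registry under test
    # is bound to 127.0.0.1 by setup_file.
    run regctl registry set localhost:8080 --tls disabled
    # Assert this step too: the next `run` overwrites $status, so a failure
    # here would otherwise go unnoticed.
    [ "$status" -eq 0 ]

    # Authentication is needed for the push: anonymous access is read-only,
    # while authenticated users get "create" through defaultPolicy.
    # Fixture credentials, passed on the command line.
    run regctl registry login localhost:8080 -u test -p test123
    [ "$status" -eq 0 ]

    # Quote the source reference so a TEST_DATA_DIR containing spaces is not
    # split into several arguments.
    run regctl image copy "ocidir://${TEST_DATA_DIR}/golang:1.20" localhost:8080/test-regclient
    [ "$status" -eq 0 ]
}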
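@test "pull image with regclient" {
    # Copies the image pushed by the previous test back out of the registry.
    # The destination is the same OCI layout directory the push read from,
    # so this writes into the shared test data.
    # The reference is quoted so a TEST_DATA_DIR containing spaces is not
    # split into several arguments.
    run regctl image copy localhost:8080/test-regclient "ocidir://${TEST_DATA_DIR}/golang:1.20"
    [ "$status" -eq 0 ]
}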
@test "push OCI artifact with regclient" {
    # Upload a single line read from stdin as artifact:demo. The "pull OCI
    # artifact" test compares against this exact text.
    run regctl artifact put localhost:8080/artifact:demo <<'EOF'
this is an artifact
EOF
    test "$status" -eq 0
}
@test "pull OCI artifact with regclient" {
    # The manifest for the previously pushed artifact must be retrievable.
    run regctl manifest get localhost:8080/artifact:demo
    test "$status" -eq 0

    # The artifact content must round-trip: the last output line has to equal
    # the text uploaded by the push test.
    run regctl artifact get localhost:8080/artifact:demo
    test "$status" -eq 0
    test "${lines[-1]}" = "this is an artifact"
}
@test "push OCI artifact references with regclient" {
    # Create the subject artifact that the reference will point at.
    run regctl artifact put localhost:8080/manifest-ref:demo <<'EOF'
test artifact
EOF
    test "$status" -eq 0

    # Before any reference is pushed, the listing must be empty.
    run regctl artifact list localhost:8080/manifest-ref:demo --format raw-body
    test "$status" -eq 0
    test "$(jq '.manifests | length' <<<"${lines[-1]}")" -eq 0

    # Push an annotated artifact with manifest-ref:demo as its subject.
    run regctl artifact put --annotation demo=true --annotation format=oci --artifact-type "application/vnd.example.icecream.v1" --subject localhost:8080/manifest-ref:demo <<'EOF'
test reference
EOF
    test "$status" -eq 0

    # with artifact media-type
    run regctl artifact put localhost:8080/artifact-ref:demo <<'EOF'
test artifact
EOF
    test "$status" -eq 0

    run regctl artifact list localhost:8080/artifact-ref:demo --format raw-body
    test "$status" -eq 0
    test "$(jq '.manifests | length' <<<"${lines[-1]}")" -eq 0

    run regctl artifact put --annotation demo=true --annotation format=oci --artifact-type "application/vnd.example.icecream.v1" --subject localhost:8080/artifact-ref:demo <<'EOF'
test reference
EOF
    test "$status" -eq 0
}
@test "list OCI artifact references with regclient" {
    # Relies on the references pushed by the preceding test: each subject is
    # expected to have exactly one entry under .manifests.
    run regctl artifact list localhost:8080/manifest-ref:demo --format raw-body
    test "$status" -eq 0
    test "$(jq '.manifests | length' <<<"${lines[-1]}")" -eq 1

    # Filtering by the artifact type used at push time keeps that entry.
    run regctl artifact list --filter-artifact-type "application/vnd.example.icecream.v1" localhost:8080/manifest-ref:demo --format raw-body
    test "$status" -eq 0
    test "$(jq '.manifests | length' <<<"${lines[-1]}")" -eq 1

    # Filtering by a type nothing was pushed with succeeds but matches nothing.
    run regctl artifact list --filter-artifact-type "application/invalid" localhost:8080/manifest-ref:demo --format raw-body
    test "$status" -eq 0
    test "$(jq '.manifests | length' <<<"${lines[-1]}")" -eq 0

    # with artifact media-type
    run regctl artifact list localhost:8080/artifact-ref:demo --format raw-body
    test "$status" -eq 0
    test "$(jq '.manifests | length' <<<"${lines[-1]}")" -eq 1

    run regctl artifact list --filter-artifact-type "application/vnd.example.icecream.v1" localhost:8080/artifact-ref:demo --format raw-body
    test "$status" -eq 0
    test "$(jq '.manifests | length' <<<"${lines[-1]}")" -eq 1

    run regctl artifact list --filter-artifact-type "application/invalid" localhost:8080/artifact-ref:demo --format raw-body
    test "$status" -eq 0
    test "$(jq '.manifests | length' <<<"${lines[-1]}")" -eq 0
}