github.com/mika/distribution@v2.2.2-0.20160108133430-a75790e3d8e0+incompatible/contrib/docker-integration/tls.bats

github.com/mika/distribution@v2.2.2-0.20160108133430-a75790e3d8e0+incompatible/contrib/docker-integration/tls.bats (about)

     1  # Registry host name, should be set to non-localhost address and match
     2  # DNS name in nginx/ssl certificates and what is installed in /etc/docker/cert.d
     3  hostname="localregistry"
     4  
     5  image="hello-world:latest"
     6  
     7  # Login information, should match values in nginx/test.passwd
     8  user="testuser"
     9  password="passpassword"
    10  email="distribution@docker.com"
    11  
    12  function setup() {
    13  	docker pull $image
    14  }
    15  
    16  # skip basic auth tests with Docker 1.6, where they don't pass due to
    17  # certificate issues
    18  function basic_auth_version_check() {
    19  	run sh -c 'docker version | fgrep -q "Client version: 1.6."'
    20  	if [ "$status" -eq 0 ]; then
    21  		skip "Basic auth tests don't support 1.6.x"
    22  	fi
    23  }
    24  
    25  # has_digest enforces the last output line is "Digest: sha256:..."
    26  # the input is the name of the array containing the output lines
    27  function has_digest() {
    28  	filtered=$(echo "$1" |sed -rn '/[dD]igest\: sha(256|384|512)/ p')
    29  	[ "$filtered" != "" ]
    30  }
    31  
    32  function login() {
    33  	run docker login -u $user -p $password -e $email $1
    34  	[ "$status" -eq 0 ]
    35  	# First line is WARNING about credential save
    36  	[ "${lines[1]}" = "Login Succeeded" ]
    37  }
    38  
    39  @test "Test valid certificates" {
    40  	docker tag -f $image $hostname:5440/$image
    41  	run docker push $hostname:5440/$image
    42  	[ "$status" -eq 0 ]
    43  	has_digest "$output"
    44  }
    45  
    46  @test "Test basic auth" {
    47  	basic_auth_version_check
    48  	login $hostname:5441
    49  	docker tag -f $image $hostname:5441/$image
    50  	run docker push $hostname:5441/$image
    51  	[ "$status" -eq 0 ]
    52  	has_digest "$output"
    53  }
    54  
    55  @test "Test TLS client auth" {
    56  	docker tag -f $image $hostname:5442/$image
    57  	run docker push $hostname:5442/$image
    58  	[ "$status" -eq 0 ]
    59  	has_digest "$output"
    60  }
    61  
    62  @test "Test TLS client with invalid certificate authority fails" {
    63  	docker tag -f $image $hostname:5443/$image
    64  	run docker push $hostname:5443/$image
    65  	[ "$status" -ne 0 ]
    66  }
    67  
    68  @test "Test basic auth with TLS client auth" {
    69  	basic_auth_version_check
    70  	login $hostname:5444
    71  	docker tag -f $image $hostname:5444/$image
    72  	run docker push $hostname:5444/$image
    73  	[ "$status" -eq 0 ]
    74  	has_digest "$output"
    75  }
    76  
    77  @test "Test unknown certificate authority fails" {
    78  	docker tag -f $image $hostname:5445/$image
    79  	run docker push $hostname:5445/$image
    80  	[ "$status" -ne 0 ]
    81  }
    82  
    83  @test "Test basic auth with unknown certificate authority fails" {
    84  	run login $hostname:5446
    85  	[ "$status" -ne 0 ]
    86  	docker tag -f $image $hostname:5446/$image
    87  	run docker push $hostname:5446/$image
    88  	[ "$status" -ne 0 ]
    89  }
    90  
    91  @test "Test TLS client auth to server with unknown certificate authority fails" {
    92  	docker tag -f $image $hostname:5447/$image
    93  	run docker push $hostname:5447/$image
    94  	[ "$status" -ne 0 ]
    95  }
    96  
    97  @test "Test failure to connect to server fails to fallback to SSLv3" {
    98  	docker tag -f $image $hostname:5448/$image
    99  	run docker push $hostname:5448/$image
   100  	[ "$status" -ne 0 ]
   101  }
   102