k8s.io/registry.k8s.io@v0.3.1/cmd/archeio/internal/app/buckets_integration_test.go

k8s.io/registry.k8s.io@v0.3.1/cmd/archeio/internal/app/buckets_integration_test.go (about)

     1  //go:build !nointegration
     2  // +build !nointegration
     3  
     4  /*
     5  Copyright 2022 The Kubernetes Authors.
     6  
     7  Licensed under the Apache License, Version 2.0 (the "License");
     8  you may not use this file except in compliance with the License.
     9  You may obtain a copy of the License at
    10  
    11      http://www.apache.org/licenses/LICENSE-2.0
    12  
    13  Unless required by applicable law or agreed to in writing, software
    14  distributed under the License is distributed on an "AS IS" BASIS,
    15  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    16  See the License for the specific language governing permissions and
    17  limitations under the License.
    18  */
    19  
    20  package app
    21  
    22  import (
    23  	"bytes"
    24  	"crypto/sha256"
    25  	"encoding/hex"
    26  	"io"
    27  	"net/http"
    28  	"testing"
    29  
    30  	"k8s.io/registry.k8s.io/pkg/net/cloudcidrs"
    31  )
    32  
    33  func TestIntegrationCachedBlobChecker(t *testing.T) {
    34  	t.Parallel()
    35  	bucket := awsRegionToHostURL("us-east-1", "")
    36  	blobs := newCachedBlobChecker()
    37  	testCases := []struct {
    38  		Name         string
    39  		BlobURL      string
    40  		Bucket       string
    41  		HashKey      string
    42  		ExpectExists bool
    43  	}{
    44  		{
    45  			Name:         "known bucket entry",
    46  			BlobURL:      bucket + "/containers/images/sha256:da86e6ba6ca197bf6bc5e9d900febd906b133eaa4750e6bed647b0fbe50ed43e",
    47  			ExpectExists: true,
    48  		},
    49  		// to cover the case that we get a cache hit
    50  		{
    51  			Name:         "same-known bucket entry",
    52  			BlobURL:      bucket + "/containers/images/sha256:da86e6ba6ca197bf6bc5e9d900febd906b133eaa4750e6bed647b0fbe50ed43e",
    53  			ExpectExists: true,
    54  		},
    55  		{
    56  			Name:         "known bucket, bad entry",
    57  			BlobURL:      bucket + "/c0ntainers/images/sha256:da86e6ba6ca197bf6bc5e9d900febd906b133eaa4750e6bed647b0fbe50ed43e",
    58  			ExpectExists: false,
    59  		},
    60  		{
    61  			Name:         "bogus bucket on domain without webserver",
    62  			BlobURL:      "http://bogus.k8s.io/foo",
    63  			ExpectExists: false,
    64  		},
    65  	}
    66  	// run test cases in parallel and then serial
    67  	// this populates the cache on the first run while doing parallel testing
    68  	// and allows us to check cached behavior on the second run
    69  	for i := range testCases {
    70  		tc := testCases[i]
    71  		t.Run(tc.Name, func(t *testing.T) {
    72  			url := tc.BlobURL
    73  			exists := blobs.BlobExists(url)
    74  			if exists != tc.ExpectExists {
    75  				t.Fatalf("expected: %v but got: %v", tc.ExpectExists, exists)
    76  			}
    77  		})
    78  	}
    79  	for i := range testCases {
    80  		tc := testCases[i]
    81  		t.Run(tc.Name, func(t *testing.T) {
    82  			url := tc.BlobURL
    83  			exists := blobs.BlobExists(url)
    84  			if exists != tc.ExpectExists {
    85  				t.Fatalf("expected: %v but got: %v", tc.ExpectExists, exists)
    86  			}
    87  		})
    88  	}
    89  }
    90  
    91  func TestIntegrationAllBucketsValid(t *testing.T) {
    92  	t.Parallel()
    93  	// a known pause image blob
    94  	const testBlob = "da86e6ba6ca197bf6bc5e9d900febd906b133eaa4750e6bed647b0fbe50ed43e"
    95  	expectedDigest, err := hex.DecodeString(testBlob)
    96  	if err != nil {
    97  		t.Fatalf("Failed to decode test blob digest: %v", err)
    98  	}
    99  	// iterate all AWS regions and their mapped buckets
   100  	ipInfos := cloudcidrs.AllIPInfos()
   101  	for i := range ipInfos {
   102  		ipInfo := ipInfos[i]
   103  		// we only have bucket mappings for AWS currently
   104  		// otherwise these are the deployed terraform defaults,
   105  		// which are a subset of the buckets for AWS-external traffic
   106  		// see also: https://github.com/kubernetes/registry.k8s.io/issues/194
   107  		if ipInfo.Cloud != cloudcidrs.AWS {
   108  			continue
   109  		}
   110  		// skip regions that aren't mapped and would've used the default
   111  		baseURL := awsRegionToHostURL(ipInfo.Region, "")
   112  		if baseURL == "" {
   113  			continue
   114  		}
   115  		// for all remaining regions, fetch a real blob to make sure this
   116  		// bucket will work
   117  		t.Run(ipInfo.Region, func(t *testing.T) {
   118  			t.Parallel()
   119  			url := baseURL + "/containers/images/sha256:" + testBlob
   120  			// this is test code, the URL is not user supplied
   121  			// nolint:gosec
   122  			r, err := http.Get(url)
   123  			if err != nil {
   124  				t.Fatalf("Failed to get %q: %v", url, err)
   125  			}
   126  			defer r.Body.Close()
   127  			b, err := io.ReadAll(r.Body)
   128  			if err != nil {
   129  				t.Fatalf("Failed to read body for %q: %v", url, err)
   130  			}
   131  			digest := sha256.Sum256(b)
   132  			if !bytes.Equal(digest[:], expectedDigest) {
   133  				t.Fatalf("Digest for %q was %q but expected %q", url, hex.EncodeToString(digest[:]), hex.EncodeToString(expectedDigest))
   134  			}
   135  		})
   136  	}
   137  }