zotregistry.dev/zot@v1.4.4-0.20240314164342-eec277e14d20/test/blackbox/detect_manifest_collision.bats (about)

     1  # Note: Intended to be run as "make run-blackbox-tests" or "make run-blackbox-ci"
     2  #       Makefile target installs & checks all necessary tooling
     3  #       Extra tools that are not covered in Makefile target needs to be added in verify_prerequisites()
     4  
     5  load helpers_zot
     6  
     7  function verify_prerequisites {
     8      if [ ! $(command -v htpasswd) ]; then
     9          echo "you need to install htpasswd as a prerequisite to running the tests" >&3
    10          return 1
    11      fi
    12  
    13      return 0
    14  }
    15  
    16  function setup_file() {
    17      # Verify prerequisites are available
    18      if ! $(verify_prerequisites); then
    19          exit 1
    20      fi
    21  
    22      # Download test data to folder common for the entire suite, not just this file
    23      skopeo --insecure-policy copy --format=oci docker://ghcr.io/project-zot/test-images/busybox:1.36 oci:${TEST_DATA_DIR}/busybox:1.36
    24  
    25      # Setup zot server
    26      local zot_root_dir=${BATS_FILE_TMPDIR}/zot
    27      local zot_config_file=${BATS_FILE_TMPDIR}/zot_config.json
    28      local oci_data_dir=${BATS_FILE_TMPDIR}/oci
    29      local zot_htpasswd_file=${BATS_FILE_TMPDIR}/htpasswd
    30      mkdir -p ${zot_root_dir}
    31      mkdir -p ${oci_data_dir}
    32      zot_port=$(get_free_port)
    33      echo ${zot_port} > ${BATS_FILE_TMPDIR}/zot.port
    34      htpasswd -Bbn ${AUTH_USER} ${AUTH_PASS} >> ${zot_htpasswd_file}
    35      cat > ${zot_config_file}<<EOF
    36  {
    37      "distSpecVersion": "1.1.0",
    38      "storage": {
    39          "rootDirectory": "${zot_root_dir}"
    40      },
    41      "http": {
    42          "address": "127.0.0.1",
    43          "port": "${zot_port}",
    44          "auth": {
    45              "htpasswd": {
    46                  "path": "${zot_htpasswd_file}"
    47              }
    48          },
    49          "accessControl": {
    50              "repositories": {
    51                  "**": {
    52                      "anonymousPolicy": [
    53                          "read",
    54                          "create",
    55                          "delete",
    56                          "detectManifestCollision"
    57                      ],
    58                      "policies": [
    59                          {
    60                              "users": [
    61                                  "${AUTH_USER}"
    62                              ],
    63                              "actions": [
    64                                  "read",
    65                                  "create",
    66                                  "delete"
    67                              ]
    68                          }
    69                      ]
    70                  }
    71              }
    72          }
    73      },
    74      "log": {
    75          "level": "debug",
    76          "output": "${BATS_FILE_TMPDIR}/zot.log"
    77      }
    78  }
    79  EOF
    80      zot_serve ${ZOT_PATH} ${zot_config_file}
    81      wait_zot_reachable ${zot_port}
    82  }
    83  
    84  function teardown() {
    85      # conditionally printing on failure is possible from teardown but not from from teardown_file
    86      cat ${BATS_FILE_TMPDIR}/zot.log
    87  }
    88  
    89  function teardown_file() {
    90      zot_stop_all
    91  }
    92  
    93  @test "push 2 images with same manifest with user policy" {
    94      zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port`
    95      run skopeo --insecure-policy copy --dest-creds ${AUTH_USER}:${AUTH_PASS} --dest-tls-verify=false \
    96          oci:${TEST_DATA_DIR}/busybox:1.36 \
    97          docker://127.0.0.1:${zot_port}/busybox:1.36
    98      [ "$status" -eq 0 ]
    99  
   100      run skopeo --insecure-policy copy --dest-creds ${AUTH_USER}:${AUTH_PASS} --dest-tls-verify=false \
   101          oci:${TEST_DATA_DIR}/busybox:1.36 \
   102          docker://127.0.0.1:${zot_port}/busybox:latest
   103      [ "$status" -eq 0 ]
   104  }
   105  
   106  @test "skopeo delete image with anonymous policy should fail" {
   107      zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port`
   108      # skopeo deletes by digest, so it should fail with detectManifestCollision policy
   109      run skopeo --insecure-policy delete --tls-verify=false \
   110          docker://127.0.0.1:${zot_port}/busybox:1.36
   111      [ "$status" -eq 1 ]
   112      # conflict status code
   113      [[ "$output" == *"manifest invalid"* ]]
   114  }
   115  
   116  @test "regctl delete image with anonymous policy should fail" {
   117      zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port`
   118      run regctl registry set localhost:${zot_port} --tls disabled
   119      [ "$status" -eq 0 ]
   120  
   121      run regctl image delete localhost:${zot_port}/busybox:1.36 --force-tag-dereference
   122      [ "$status" -eq 1 ]
   123      # conflict status code
   124      [[ "$output" == *"409"* ]]
   125  }
   126  
   127  @test "delete image with user policy should work" {
   128      zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port`
   129      # should work without detectManifestCollision policy
   130      run skopeo --insecure-policy delete --creds ${AUTH_USER}:${AUTH_PASS} --tls-verify=false \
   131          docker://127.0.0.1:${zot_port}/busybox:1.36
   132      [ "$status" -eq 0 ]
   133  }