zotregistry.io/zot@v1.4.4-0.20231124084042-02a8ed785457/test/blackbox/anonymous_policy.bats (about) 1 # Note: Intended to be run as "make run-blackbox-tests" or "make run-blackbox-ci" 2 # Makefile target installs & checks all necessary tooling 3 # Extra tools that are not covered in Makefile target needs to be added in verify_prerequisites() 4 5 load helpers_zot 6 7 function verify_prerequisites { 8 if [ ! $(command -v htpasswd) ]; then 9 echo "you need to install htpasswd as a prerequisite to running the tests" >&3 10 return 1 11 fi 12 13 return 0 14 } 15 16 function setup_file() { 17 # Verify prerequisites are available 18 if ! $(verify_prerequisites); then 19 exit 1 20 fi 21 22 # Download test data to folder common for the entire suite, not just this file 23 skopeo --insecure-policy copy --format=oci docker://ghcr.io/project-zot/test-images/busybox:1.36 oci:${TEST_DATA_DIR}/busybox:1.36 24 # Setup zot server 25 local zot_root_dir=${BATS_FILE_TMPDIR}/zot 26 local zot_config_file=${BATS_FILE_TMPDIR}/zot_config.json 27 local oci_data_dir=${BATS_FILE_TMPDIR}/oci 28 local zot_htpasswd_file=${BATS_FILE_TMPDIR}/htpasswd 29 mkdir -p ${zot_root_dir} 30 mkdir -p ${oci_data_dir} 31 zot_port=$(get_free_port) 32 echo ${zot_port} > ${BATS_FILE_TMPDIR}/zot.port 33 htpasswd -Bbn ${AUTH_USER} ${AUTH_PASS} >> ${zot_htpasswd_file} 34 cat > ${zot_config_file}<<EOF 35 { 36 "distSpecVersion": "1.1.0-dev", 37 "storage": { 38 "rootDirectory": "${zot_root_dir}" 39 }, 40 "http": { 41 "address": "127.0.0.1", 42 "port": "${zot_port}", 43 "auth": { 44 "htpasswd": { 45 "path": "${zot_htpasswd_file}" 46 } 47 }, 48 "accessControl": { 49 "repositories": { 50 "**": { 51 "anonymousPolicy": ["read"], 52 "policies": [ 53 { 54 "users": [ 55 "${AUTH_USER}" 56 ], 57 "actions": [ 58 "read", 59 "create", 60 "update" 61 ] 62 } 63 ] 64 } 65 } 66 } 67 }, 68 "log": { 69 "level": "debug", 70 "output": "${BATS_FILE_TMPDIR}/zot.log" 71 } 72 } 73 EOF 74 zot_serve ${ZOT_PATH} ${zot_config_file} 75 wait_zot_reachable ${zot_port} 76 } 77 78 function teardown() { 79 # conditionally printing on failure is possible from teardown but not from from teardown_file 80 cat ${BATS_FILE_TMPDIR}/zot.log 81 } 82 83 function teardown_file() { 84 zot_stop_all 85 } 86 87 @test "push image user policy" { 88 zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port` 89 run skopeo --insecure-policy copy --dest-creds ${AUTH_USER}:${AUTH_PASS} --dest-tls-verify=false \ 90 oci:${TEST_DATA_DIR}/busybox:1.36 \ 91 docker://127.0.0.1:${zot_port}/busybox:1.36 92 [ "$status" -eq 0 ] 93 } 94 95 @test "pull image anonymous policy" { 96 local oci_data_dir=${BATS_FILE_TMPDIR}/oci 97 zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port` 98 run skopeo --insecure-policy copy --src-tls-verify=false \ 99 docker://127.0.0.1:${zot_port}/busybox:1.36 \ 100 oci:${oci_data_dir}/busybox:1.36 101 [ "$status" -eq 0 ] 102 } 103 104 @test "push image anonymous policy" { 105 zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port` 106 run skopeo --insecure-policy copy --dest-tls-verify=false \ 107 oci:${TEST_DATA_DIR}/busybox:1.36 \ 108 docker://127.0.0.1:${zot_port}/busybox:1.36 109 [ "$status" -eq 1 ] 110 }