[test] Import from registry using credentials - tier 1 test (#1281)

Signed-off-by: Tomasz Baranski <tbaransk@redhat.com>

manifests/templates/registry-host.yaml.in

@@ -30,6 +30,7 @@ spec:
       containers:
       - name: registry
         image: {{ .DockerRepo }}/cdi-func-test-registry:{{ .DockerTag }}
+        command: ["/start-registry.sh", "/etc/docker/registry/registry-config.yml"]
         imagePullPolicy: {{ .PullPolicy }}
         ports:
           - name: sec-docker-reg
@@ -40,6 +41,30 @@ spec:
           mountPath: "/tmp/health"
         - name: "images"
           mountPath: "/tmp/shared"
+        - name: "registry-storage"
+          mountPath: "/var/lib/registry"
+        readinessProbe:
+          exec:
+            command:
+             - cat
+             - /tmp/health/ready
+          initialDelaySeconds: 20
+          periodSeconds: 20
+      - name: registry-auth
+        image: {{ .DockerRepo }}/cdi-func-test-registry:{{ .DockerTag }}
+        command: ["/start-registry.sh", "/etc/docker/registry/registry-auth-config.yml"]
+        imagePullPolicy: {{ .PullPolicy }}
+        ports:
+          - name: auth-docker-reg
+            containerPort: 1443
+        resources: {}
+        volumeMounts:
+        - name: "health"
+          mountPath: "/tmp/health"
+        - name: "images"
+          mountPath: "/tmp/shared"
+        - name: "registry-storage"
+          mountPath: "/var/lib/registry"
         readinessProbe:
           exec:
             command:
@@ -75,6 +100,8 @@ spec:
         emptyDir: {}
       - name: "health"
         emptyDir: {}
+      - name: "registry-storage"
+        emptyDir: {}
 ---
 apiVersion: v1
 kind: Service
@@ -93,3 +120,6 @@ spec:
   - name: alt-sec-docker-reg
     port: 5000
     targetPort: 443
+  - name: auth-docker-reg
+    port: 1443
+    targetPort: 1443

tests/transport_test.go

@@ -125,6 +125,7 @@ var _ = Describe("Transport Tests", func() {
 	httpsNoAuthEp := fmt.Sprintf("https://%s:%d", utils.FileHostName+"."+f.CdiInstallNs, utils.HTTPSNoAuthPort)
 	httpAuthEp := fmt.Sprintf("http://%s:%d", utils.FileHostName+"."+f.CdiInstallNs, utils.HTTPAuthPort)
 	registryNoAuthEp := fmt.Sprintf("docker://%s", utils.RegistryHostName+"."+f.CdiInstallNs)
+	registryAuthEp := fmt.Sprintf("docker://%s.%s:%d", utils.RegistryHostName, f.CdiInstallNs, 1443)
 	altRegistryNoAuthEp := fmt.Sprintf("docker://%s.%s:%d", utils.RegistryHostName, f.CdiInstallNs, 5000)
 	DescribeTable("Transport Test Table", it,
 		Entry("should connect to http endpoint without credentials", httpNoAuthEp, targetFile, "", "", controller.SourceHTTP, "", false, true),
@@ -133,6 +134,8 @@ var _ = Describe("Transport Tests", func() {
 		Entry("should connect to QCOW http endpoint without credentials", httpNoAuthEp, targetQCOWFile, "", "", controller.SourceHTTP, "", false, true),
 		Entry("should connect to QCOW http endpoint with credentials", httpAuthEp, targetQCOWFile, utils.AccessKeyValue, utils.SecretKeyValue, controller.SourceHTTP, "", false, true),
 		Entry("should succeed to import from registry when image contains valid qcow file, custom cert", registryNoAuthEp, targetQCOWImage, "", "", controller.SourceRegistry, "cdi-docker-registry-host-certs", false, true),
+		Entry("should fail to import from registry when image contains valid qcow file, custom cert+auth, invalid credentials", registryAuthEp, targetQCOWImage, "invalid", "invalid", controller.SourceRegistry, "cdi-docker-registry-host-certs", true, false),
+		Entry("should succeed to import from registry when image contains valid qcow file, custom cert+auth, valid credentials", registryAuthEp, targetQCOWImage, utils.AccessKeyValue, utils.SecretKeyValue, controller.SourceRegistry, "cdi-docker-registry-host-certs", true, true),
 		Entry("should succeed to import from registry when image contains valid qcow file, no auth", registryNoAuthEp, targetQCOWImage, "", "", controller.SourceRegistry, "", true, true),
 		Entry("should succeed to import from registry when image contains valid qcow file, auth", altRegistryNoAuthEp, targetQCOWImage, "", "", controller.SourceRegistry, "", true, true),
 		Entry("should fail no certs", registryNoAuthEp, targetQCOWImage, "", "", controller.SourceRegistry, "", false, false),

tools/cdi-func-test-registry-init/BUILD.bazel

@@ -119,6 +119,8 @@ filegroup(
     name = "registry-config",
     srcs = [
         ":registry-config.yml",
+        ":registry-auth-config.yml",
+        ":htpasswd",
     ],
 )
 

tools/cdi-func-test-registry-init/htpasswd

@@ -0,0 +1 @@
+admin:$2y$05$MxYjtuvQODD2Rq36.PD3KOZzPGbqvLJ1gPFa6b.rTOPxCVYXmF3sy

tools/cdi-func-test-registry-init/registry-auth-config.yml

@@ -0,0 +1,28 @@
+version: 0.1
+log:
+  fields:
+    service: registry
+storage:
+  cache:
+    blobdescriptor: inmemory
+  filesystem:
+    rootdirectory: /var/lib/registry
+  maintenance:
+    readonly:
+      enabled: true
+auth:
+  htpasswd:
+    realm: basic-realm
+    path: /etc/docker/registry/htpasswd
+http:
+  addr: :1443
+  tls:
+    certificate: /tmp/shared/certs/domain.crt
+    key: /tmp/shared/certs/domain.key
+  headers:
+    X-Content-Type-Options: [nosniff]
+health:
+  storagedriver:
+    enabled: true
+    interval: 10s
+    threshold: 3

tools/cdi-func-test-registry-init/start-registry.sh

@@ -1,2 +1,3 @@
 #!/bin/sh
-registry serve /etc/docker/registry/registry-config.yml
+CONFIG_FILE=${1:-/etc/docker/registry/registry-config.yml}
+registry serve ${CONFIG_FILE}