diff --git a/pkg/api/authn_test.go b/pkg/api/authn_test.go
index b989d7865d..dc60173ca6 100644
--- a/pkg/api/authn_test.go
+++ b/pkg/api/authn_test.go
@@ -79,7 +79,9 @@ func TestAPIKeys(t *testing.T) {
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
mockOIDCServer, err := authutils.MockOIDCRun()
@@ -145,7 +147,7 @@ func TestAPIKeys(t *testing.T) {
Convey("API key retrieved with basic auth", func() {
resp, err := resty.R().
SetBody(reqBody).
- SetBasicAuth("test", "test").
+ SetBasicAuth(username, password).
Post(baseURL + constants.APIKeyPath)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -162,7 +164,7 @@ func TestAPIKeys(t *testing.T) {
So(email, ShouldNotBeEmpty)
resp, err = resty.R().
- SetBasicAuth("test", apiKeyResponse.APIKey).
+ SetBasicAuth(username, apiKeyResponse.APIKey).
Get(baseURL + "/v2/_catalog")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -170,7 +172,7 @@ func TestAPIKeys(t *testing.T) {
// get API key list with basic auth
resp, err = resty.R().
- SetBasicAuth("test", "test").
+ SetBasicAuth(username, password).
Get(baseURL + constants.APIKeyPath)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -189,7 +191,7 @@ func TestAPIKeys(t *testing.T) {
// add another one
resp, err = resty.R().
SetBody(reqBody).
- SetBasicAuth("test", "test").
+ SetBasicAuth(username, password).
Post(baseURL + constants.APIKeyPath)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -199,7 +201,7 @@ func TestAPIKeys(t *testing.T) {
So(err, ShouldBeNil)
resp, err = resty.R().
- SetBasicAuth("test", apiKeyResponse.APIKey).
+ SetBasicAuth(username, apiKeyResponse.APIKey).
Get(baseURL + "/v2/_catalog")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -207,7 +209,7 @@ func TestAPIKeys(t *testing.T) {
// get API key list with api key auth
resp, err = resty.R().
- SetBasicAuth("test", apiKeyResponse.APIKey).
+ SetBasicAuth(username, apiKeyResponse.APIKey).
Get(baseURL + constants.APIKeyPath)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -600,7 +602,7 @@ func TestAPIKeys(t *testing.T) {
So(len(apiKeyListResponse.APIKeys), ShouldEqual, 0)
resp, err = client.R().
- SetBasicAuth("test", "test").
+ SetBasicAuth(username, password).
SetQueryParam("id", apiKeyResponse.UUID).
Delete(baseURL + constants.APIKeyPath)
So(err, ShouldBeNil)
@@ -832,7 +834,9 @@ func TestAPIKeys(t *testing.T) {
func TestAPIKeysOpenDBError(t *testing.T) {
Convey("Test API keys - unable to create database", t, func() {
conf := config.New()
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
mockOIDCServer, err := authutils.MockOIDCRun()
diff --git a/pkg/api/controller_test.go b/pkg/api/controller_test.go
index 0fdf0c90cd..46b6f1062d 100644
--- a/pkg/api/controller_test.go
+++ b/pkg/api/controller_test.go
@@ -46,7 +46,6 @@ import (
. "github.com/smartystreets/goconvey/convey"
"github.com/stretchr/testify/assert"
"go.etcd.io/bbolt"
- "golang.org/x/crypto/bcrypt"
"gopkg.in/resty.v1"
"zotregistry.io/zot/errors"
@@ -73,31 +72,22 @@ import (
)
const (
- username = "test"
- htpasswdUsername = "htpasswduser"
- passphrase = "test"
- group = "test"
- repo = "test"
ServerCert = "../../test/data/server.cert"
ServerKey = "../../test/data/server.key"
CACert = "../../test/data/ca.crt"
- AuthorizedNamespace = "everyone/isallowed"
UnauthorizedNamespace = "fortknox/notallowed"
- ALICE = "alice"
AuthorizationNamespace = "authz/image"
- AuthorizationAllRepos = "**"
+ LDAPAddress = "127.0.0.1"
)
-func getCredString(username, password string) string {
- hash, err := bcrypt.GenerateFromPassword([]byte(password), 10)
- if err != nil {
- panic(err)
- }
-
- usernameAndHash := fmt.Sprintf("%s:%s", username, string(hash))
-
- return usernameAndHash
-}
+var (
+ username = test.GenerateRandomString() //nolint: gochecknoglobals
+ password = test.GenerateRandomString() //nolint: gochecknoglobals
+ group = test.GenerateRandomString() //nolint: gochecknoglobals
+ LDAPBaseDN = "ou=" + username //nolint: gochecknoglobals
+ LDAPBindDN = "cn=reader," + LDAPBaseDN //nolint: gochecknoglobals
+ LDAPBindPassword = test.GenerateRandomString() //nolint: gochecknoglobals
+)
func TestNew(t *testing.T) {
Convey("Make a new controller", t, func() {
@@ -522,10 +512,10 @@ func TestHtpasswdSingleCred(t *testing.T) {
port := test.GetFreePort()
baseURL := test.GetBaseURL(port)
singleCredtests := []string{}
- user := ALICE
- password := ALICE
- singleCredtests = append(singleCredtests, getCredString(user, password))
- singleCredtests = append(singleCredtests, getCredString(user, password)+"\n")
+ user := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ singleCredtests = append(singleCredtests, test.GetCredString(user, password))
+ singleCredtests = append(singleCredtests, test.GetCredString(user, password))
for _, testString := range singleCredtests {
func() {
@@ -583,9 +573,7 @@ func TestAllowMethodsHeader(t *testing.T) {
simpleUser := "simpleUser"
simpleUserPassword := "simpleUserPass"
- credTests := fmt.Sprintf("%s\n\n", getCredString(simpleUser, simpleUserPassword))
-
- htpasswdPath := test.MakeHtpasswdFileFromString(credTests)
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -661,14 +649,14 @@ func TestHtpasswdTwoCreds(t *testing.T) {
password1 := "aliciapassword"
user2 := "bob"
password2 := "robert"
- twoCredTests = append(twoCredTests, getCredString(user1, password1)+"\n"+
- getCredString(user2, password2))
+ twoCredTests = append(twoCredTests, test.GetCredString(user1, password1)+"\n"+
+ test.GetCredString(user2, password2))
- twoCredTests = append(twoCredTests, getCredString(user1, password1)+"\n"+
- getCredString(user2, password2)+"\n")
+ twoCredTests = append(twoCredTests, test.GetCredString(user1, password1)+"\n"+
+ test.GetCredString(user2, password2)+"\n")
- twoCredTests = append(twoCredTests, getCredString(user1, password1)+"\n\n"+
- getCredString(user2, password2)+"\n\n")
+ twoCredTests = append(twoCredTests, test.GetCredString(user1, password1)+"\n\n"+
+ test.GetCredString(user2, password2)+"\n\n")
for _, testString := range twoCredTests {
func() {
@@ -717,7 +705,7 @@ func TestHtpasswdFiveCreds(t *testing.T) {
}
credString := strings.Builder{}
for key, val := range tests {
- credString.WriteString(getCredString(key, val) + "\n")
+ credString.WriteString(test.GetCredString(key, val) + "\n")
}
func() {
@@ -862,7 +850,9 @@ func TestBasicAuth(t *testing.T) {
baseURL := test.GetBaseURL(port)
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -886,11 +876,11 @@ func TestBasicAuth(t *testing.T) {
So(err, ShouldBeNil)
// with creds, should get expected status code
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
})
@@ -915,7 +905,7 @@ func TestBlobReferenced(t *testing.T) {
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
- repoName := "repo"
+ repoName := test.GenerateRandomName()
img := CreateRandomImage()
@@ -970,7 +960,8 @@ func TestInterruptedBlobUpload(t *testing.T) {
//nolint: dupl
Convey("Test interrupt PATCH blob upload", func() {
- resp, err := client.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/")
+ repoName := test.GenerateRandomName() + "/" + test.GenerateRandomName()
+ resp, err := client.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -999,7 +990,7 @@ func TestInterruptedBlobUpload(t *testing.T) {
// if the blob upload has started then interrupt by running cancel()
for {
- n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(AuthorizedNamespace, sessionID)
+ n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(repoName, sessionID)
if n > 0 && err == nil {
cancel()
@@ -1012,7 +1003,7 @@ func TestInterruptedBlobUpload(t *testing.T) {
// wait for zot to remove blobUpload
time.Sleep(1 * time.Second)
- resp, err = client.R().Get(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/" + sessionID)
+ resp, err = client.R().Get(baseURL + "/v2/" + repoName + "/blobs/uploads/" + sessionID)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
@@ -1020,7 +1011,8 @@ func TestInterruptedBlobUpload(t *testing.T) {
//nolint: dupl
Convey("Test negative interrupt PATCH blob upload", func() {
- resp, err := client.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/")
+ repoName := test.GenerateRandomName() + "/" + test.GenerateRandomName()
+ resp, err := client.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -1049,10 +1041,10 @@ func TestInterruptedBlobUpload(t *testing.T) {
// if the blob upload has started then interrupt by running cancel()
for {
- n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(AuthorizedNamespace, sessionID)
+ n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(repoName, sessionID)
if n > 0 && err == nil {
// cleaning blob uploads, so that zot fails to clean up, +code coverage
- err = ctlr.StoreController.DefaultStore.DeleteBlobUpload(AuthorizedNamespace, sessionID)
+ err = ctlr.StoreController.DefaultStore.DeleteBlobUpload(repoName, sessionID)
So(err, ShouldBeNil)
cancel()
@@ -1065,7 +1057,7 @@ func TestInterruptedBlobUpload(t *testing.T) {
// wait for zot to remove blobUpload
time.Sleep(1 * time.Second)
- resp, err = client.R().Get(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/" + sessionID)
+ resp, err = client.R().Get(baseURL + "/v2/" + repoName + "/blobs/uploads/" + sessionID)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
@@ -1073,7 +1065,8 @@ func TestInterruptedBlobUpload(t *testing.T) {
//nolint: dupl
Convey("Test interrupt PUT blob upload", func() {
- resp, err := client.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/")
+ repoName := test.GenerateRandomName() + "/" + test.GenerateRandomName()
+ resp, err := client.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -1102,7 +1095,7 @@ func TestInterruptedBlobUpload(t *testing.T) {
// if the blob upload has started then interrupt by running cancel()
for {
- n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(AuthorizedNamespace, sessionID)
+ n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(repoName, sessionID)
if n > 0 && err == nil {
cancel()
@@ -1115,7 +1108,7 @@ func TestInterruptedBlobUpload(t *testing.T) {
// wait for zot to try to remove blobUpload
time.Sleep(1 * time.Second)
- resp, err = client.R().Get(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/" + sessionID)
+ resp, err = client.R().Get(baseURL + "/v2/" + repoName + "/blobs/uploads/" + sessionID)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
@@ -1123,7 +1116,8 @@ func TestInterruptedBlobUpload(t *testing.T) {
//nolint: dupl
Convey("Test negative interrupt PUT blob upload", func() {
- resp, err := client.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/")
+ repoName := test.GenerateRandomName() + "/" + test.GenerateRandomName()
+ resp, err := client.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -1152,10 +1146,10 @@ func TestInterruptedBlobUpload(t *testing.T) {
// if the blob upload has started then interrupt by running cancel()
for {
- n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(AuthorizedNamespace, sessionID)
+ n, err := ctlr.StoreController.DefaultStore.GetBlobUpload(repoName, sessionID)
if n > 0 && err == nil {
// cleaning blob uploads, so that zot fails to clean up, +code coverage
- err = ctlr.StoreController.DefaultStore.DeleteBlobUpload(AuthorizedNamespace, sessionID)
+ err = ctlr.StoreController.DefaultStore.DeleteBlobUpload(repoName, sessionID)
So(err, ShouldBeNil)
cancel()
@@ -1168,7 +1162,7 @@ func TestInterruptedBlobUpload(t *testing.T) {
// wait for zot to try to remove blobUpload
time.Sleep(1 * time.Second)
- resp, err = client.R().Get(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/" + sessionID)
+ resp, err = client.R().Get(baseURL + "/v2/" + repoName + "/blobs/uploads/" + sessionID)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
@@ -1182,7 +1176,9 @@ func TestMultipleInstance(t *testing.T) {
baseURL := test.GetBaseURL(port)
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -1208,7 +1204,7 @@ func TestMultipleInstance(t *testing.T) {
client := resty.New()
- tagResponse, err := client.R().SetBasicAuth(username, passphrase).
+ tagResponse, err := client.R().SetBasicAuth(username, password).
Get(baseURL + "/v2/zot-test/tags/list")
So(err, ShouldBeNil)
So(tagResponse.StatusCode(), ShouldEqual, http.StatusNotFound)
@@ -1219,7 +1215,9 @@ func TestMultipleInstance(t *testing.T) {
baseURL := test.GetBaseURL(port)
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -1247,11 +1245,11 @@ func TestMultipleInstance(t *testing.T) {
So(err, ShouldBeNil)
// with creds, should get expected status code
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
})
@@ -1261,7 +1259,9 @@ func TestMultipleInstance(t *testing.T) {
baseURL := test.GetBaseURL(port)
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -1310,11 +1310,11 @@ func TestMultipleInstance(t *testing.T) {
So(err, ShouldBeNil)
// with creds, should get expected status code
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
})
@@ -1326,7 +1326,9 @@ func TestTLSWithBasicAuth(t *testing.T) {
So(err, ShouldBeNil)
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
port := test.GetFreePort()
@@ -1369,11 +1371,11 @@ func TestTLSWithBasicAuth(t *testing.T) {
So(err, ShouldBeNil)
// with creds, should get expected status code
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
})
@@ -1385,7 +1387,9 @@ func TestTLSWithBasicAuthAllowReadAccess(t *testing.T) {
So(err, ShouldBeNil)
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
port := test.GetFreePort()
@@ -1408,7 +1412,7 @@ func TestTLSWithBasicAuthAllowReadAccess(t *testing.T) {
conf.HTTP.AccessControl = &config.AccessControlConfig{
Repositories: config.Repositories{
- AuthorizationAllRepos: config.PolicyGroup{
+ test.AuthorizationAllRepos: config.PolicyGroup{
AnonymousPolicy: []string{"read"},
},
},
@@ -1432,11 +1436,11 @@ func TestTLSWithBasicAuthAllowReadAccess(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
// with creds, should get expected status code
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -1453,8 +1457,6 @@ func TestMutualTLSAuthWithUserPermissions(t *testing.T) {
So(err, ShouldBeNil)
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
- htpasswdPath := test.MakeHtpasswdFile()
- defer os.Remove(htpasswdPath)
port := test.GetFreePort()
baseURL := test.GetBaseURL(port)
@@ -1473,7 +1475,7 @@ func TestMutualTLSAuthWithUserPermissions(t *testing.T) {
conf.HTTP.AccessControl = &config.AccessControlConfig{
Repositories: config.Repositories{
- AuthorizationAllRepos: config.PolicyGroup{
+ test.AuthorizationAllRepos: config.PolicyGroup{
Policies: []config.Policy{
{
Users: []string{"*"},
@@ -1495,7 +1497,7 @@ func TestMutualTLSAuthWithUserPermissions(t *testing.T) {
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest)
- repoPolicy := conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos]
+ repoPolicy := conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos]
// setup TLS mutual auth
cert, err := tls.LoadX509KeyPair("../../test/data/client.cert", "../../test/data/client.key")
@@ -1533,7 +1535,7 @@ func TestMutualTLSAuthWithUserPermissions(t *testing.T) {
// empty default authorization and give user the permission to create
repoPolicy.Policies[0].Actions = append(repoPolicy.Policies[0].Actions, "create")
- conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = repoPolicy
+ conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = repoPolicy
resp, err = resty.R().Post(secureBaseURL + "/v2/repo/blobs/uploads/")
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -1563,7 +1565,7 @@ func TestMutualTLSAuthWithoutCN(t *testing.T) {
conf.HTTP.AccessControl = &config.AccessControlConfig{
Repositories: config.Repositories{
- AuthorizationAllRepos: config.PolicyGroup{
+ test.AuthorizationAllRepos: config.PolicyGroup{
Policies: []config.Policy{
{
Users: []string{"*"},
@@ -1630,8 +1632,10 @@ func TestTLSMutualAuth(t *testing.T) {
_, err = resty.R().Get(secureBaseURL)
So(err, ShouldNotBeNil)
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
// with creds but without certs, should get conn error
- _, err = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL)
+ _, err = resty.R().SetBasicAuth(username, password).Get(secureBaseURL)
So(err, ShouldNotBeNil)
// setup TLS mutual auth
@@ -1648,12 +1652,12 @@ func TestTLSMutualAuth(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
// with client certs and creds, should get expected status code
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
// with client certs, creds shouldn't matter
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
})
@@ -1682,7 +1686,7 @@ func TestTLSMutualAuthAllowReadAccess(t *testing.T) {
conf.HTTP.AccessControl = &config.AccessControlConfig{
Repositories: config.Repositories{
- AuthorizationAllRepos: config.PolicyGroup{
+ test.AuthorizationAllRepos: config.PolicyGroup{
AnonymousPolicy: []string{"read"},
},
},
@@ -1705,8 +1709,10 @@ func TestTLSMutualAuthAllowReadAccess(t *testing.T) {
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
// with creds but without certs, reads are allowed
- resp, err = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/")
+ resp, err = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/")
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -1729,12 +1735,12 @@ func TestTLSMutualAuthAllowReadAccess(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
// with client certs and creds, should get expected status code
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
// with client certs, creds shouldn't matter
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
})
@@ -1746,7 +1752,9 @@ func TestTLSMutualAndBasicAuth(t *testing.T) {
So(err, ShouldBeNil)
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
port := test.GetFreePort()
@@ -1787,7 +1795,7 @@ func TestTLSMutualAndBasicAuth(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest)
// with creds but without certs, should succeed
- _, err = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL)
+ _, err = resty.R().SetBasicAuth(username, password).Get(secureBaseURL)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest)
@@ -1806,11 +1814,11 @@ func TestTLSMutualAndBasicAuth(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized)
// with client certs and creds, should get expected status code
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
})
@@ -1822,7 +1830,9 @@ func TestTLSMutualAndBasicAuthAllowReadAccess(t *testing.T) {
So(err, ShouldBeNil)
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
port := test.GetFreePort()
@@ -1846,7 +1856,7 @@ func TestTLSMutualAndBasicAuthAllowReadAccess(t *testing.T) {
conf.HTTP.AccessControl = &config.AccessControlConfig{
Repositories: config.Repositories{
- AuthorizationAllRepos: config.PolicyGroup{
+ test.AuthorizationAllRepos: config.PolicyGroup{
AnonymousPolicy: []string{"read"},
},
},
@@ -1871,7 +1881,7 @@ func TestTLSMutualAndBasicAuthAllowReadAccess(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest)
// with creds but without certs, should succeed
- _, err = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL)
+ _, err = resty.R().SetBasicAuth(username, password).Get(secureBaseURL)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusBadRequest)
@@ -1894,23 +1904,16 @@ func TestTLSMutualAndBasicAuthAllowReadAccess(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized)
// with client certs and creds, should get expected status code
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(secureBaseURL + "/v2/")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(secureBaseURL + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
})
}
-const (
- LDAPAddress = "127.0.0.1"
- LDAPBaseDN = "ou=test"
- LDAPBindDN = "cn=reader," + LDAPBaseDN
- LDAPBindPassword = "bindPassword"
-)
-
type testLDAPServer struct {
server *vldap.Server
quitCh chan bool
@@ -1958,7 +1961,7 @@ func (l *testLDAPServer) Bind(bindDN, bindSimplePw string, conn net.Conn) (vldap
}
if (bindDN == LDAPBindDN && bindSimplePw == LDAPBindPassword) ||
- (bindDN == fmt.Sprintf("cn=%s,%s", username, LDAPBaseDN) && bindSimplePw == passphrase) {
+ (bindDN == fmt.Sprintf("cn=%s,%s", username, LDAPBaseDN) && bindSimplePw == password) {
return vldap.LDAPResultSuccess, nil
}
@@ -2030,11 +2033,11 @@ func TestBasicAuthWithLDAP(t *testing.T) {
So(err, ShouldBeNil)
// with creds, should get expected status code
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNotFound)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -2073,6 +2076,7 @@ func TestGroupsPermissionsForLDAP(t *testing.T) {
},
}
+ repoName := test.GenerateRandomName()
conf.HTTP.AccessControl = &config.AccessControlConfig{
Groups: config.Groups{
group: {
@@ -2080,7 +2084,7 @@ func TestGroupsPermissionsForLDAP(t *testing.T) {
},
},
Repositories: config.Repositories{
- repo: config.PolicyGroup{
+ repoName: config.PolicyGroup{
Policies: []config.Policy{
{
Groups: []string{group},
@@ -2105,8 +2109,8 @@ func TestGroupsPermissionsForLDAP(t *testing.T) {
img := CreateDefaultImage()
err = UploadImageWithBasicAuth(
- img, baseURL, repo, img.DigestStr(),
- username, passphrase)
+ img, baseURL, repoName, img.DigestStr(),
+ username, password)
So(err, ShouldBeNil)
})
}
@@ -2207,7 +2211,8 @@ func TestBearerAuth(t *testing.T) {
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusNoContent)
- resp, err = resty.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/")
+ repoName := test.GenerateRandomName() + "/" + test.GenerateRandomName()
+ resp, err = resty.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized)
@@ -2225,7 +2230,7 @@ func TestBearerAuth(t *testing.T) {
resp, err = resty.R().
SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)).
- Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/")
+ Post(baseURL + "/v2/" + repoName + "/blobs/uploads/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -2265,7 +2270,7 @@ func TestBearerAuth(t *testing.T) {
resp, err = resty.R().
SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)).
- Get(baseURL + "/v2/" + AuthorizedNamespace + "/tags/list")
+ Get(baseURL + "/v2/" + repoName + "/tags/list")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized)
@@ -2283,7 +2288,7 @@ func TestBearerAuth(t *testing.T) {
resp, err = resty.R().
SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)).
- Get(baseURL + "/v2/" + AuthorizedNamespace + "/tags/list")
+ Get(baseURL + "/v2/" + repoName + "/tags/list")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -2361,7 +2366,7 @@ func TestBearerAuthWithAllowReadAccess(t *testing.T) {
conf.HTTP.AccessControl = &config.AccessControlConfig{
Repositories: config.Repositories{
- AuthorizationAllRepos: config.PolicyGroup{
+ test.AuthorizationAllRepos: config.PolicyGroup{
AnonymousPolicy: []string{"read"},
},
},
@@ -2398,7 +2403,8 @@ func TestBearerAuthWithAllowReadAccess(t *testing.T) {
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
- resp, err = resty.R().Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/")
+ repoName := test.GenerateRandomName() + "/" + test.GenerateRandomName()
+ resp, err = resty.R().Post(baseURL + "/v2/" + repoName + "/blobs/uploads/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized)
@@ -2416,7 +2422,7 @@ func TestBearerAuthWithAllowReadAccess(t *testing.T) {
resp, err = resty.R().
SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)).
- Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/")
+ Post(baseURL + "/v2/" + repoName + "/blobs/uploads/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -2456,7 +2462,7 @@ func TestBearerAuthWithAllowReadAccess(t *testing.T) {
resp, err = resty.R().
SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)).
- Get(baseURL + "/v2/" + AuthorizedNamespace + "/tags/list")
+ Get(baseURL + "/v2/" + repoName + "/tags/list")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized)
@@ -2474,7 +2480,7 @@ func TestBearerAuthWithAllowReadAccess(t *testing.T) {
resp, err = resty.R().
SetHeader("Authorization", fmt.Sprintf("Bearer %s", goodToken.AccessToken)).
- Get(baseURL + "/v2/" + AuthorizedNamespace + "/tags/list")
+ Get(baseURL + "/v2/" + repoName + "/tags/list")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -2605,8 +2611,9 @@ func TestOpenIDMiddleware(t *testing.T) {
}
// need a username different than ldap one, to test both logic
- content := fmt.Sprintf("%s:$2y$05$hlbSXDp6hzDLu6VwACS39ORvVRpr3OMR4RlJ31jtlaOEGnPjKZI1m\n", htpasswdUsername)
- htpasswdPath := test.MakeHtpasswdFileFromString(content)
+ htpasswdUsername := test.GenerateRandomString()
+ htpasswdPassword := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(htpasswdUsername, htpasswdPassword))
defer os.Remove(htpasswdPath)
@@ -2721,7 +2728,7 @@ func TestOpenIDMiddleware(t *testing.T) {
client := resty.New()
// without header should not create session
- resp, err := client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL + "/v2/")
+ resp, err := client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -2732,7 +2739,7 @@ func TestOpenIDMiddleware(t *testing.T) {
client.SetHeader(constants.SessionClientHeaderName, constants.SessionClientHeaderValue)
- resp, err = client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL + "/v2/")
+ resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -2745,7 +2752,7 @@ func TestOpenIDMiddleware(t *testing.T) {
client.SetCookies(resp.Cookies())
// should get same cookie
- resp, err = client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL + "/v2/")
+ resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -2754,8 +2761,7 @@ func TestOpenIDMiddleware(t *testing.T) {
So(err, ShouldBeNil)
So(sessionsNo, ShouldEqual, 1)
- resp, err = client.R().
- SetBasicAuth(htpasswdUsername, passphrase).
+ resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).
Get(baseURL + constants.FullMgmt)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -2770,7 +2776,7 @@ func TestOpenIDMiddleware(t *testing.T) {
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
- resp, err = client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL + "/v2/")
+ resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -2850,18 +2856,17 @@ func TestOpenIDMiddleware(t *testing.T) {
// first login user
// with creds, should get expected status code
- resp, err = client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL)
+ resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
- resp, err = client.R().SetBasicAuth(htpasswdUsername, passphrase).Get(baseURL + "/v2/")
+ resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
- resp, err = client.R().
- SetBasicAuth(htpasswdUsername, passphrase).
+ resp, err = client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).
Get(baseURL + constants.FullMgmt)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -2913,18 +2918,17 @@ func TestOpenIDMiddleware(t *testing.T) {
// first login user
// with creds, should get expected status code
- resp, err = client.R().SetBasicAuth(username, passphrase).Get(baseURL)
+ resp, err = client.R().SetBasicAuth(username, password).Get(baseURL)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
- resp, err = client.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/")
+ resp, err = client.R().SetBasicAuth(username, password).Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
- resp, err = client.R().
- SetBasicAuth(username, passphrase).
+ resp, err = client.R().SetBasicAuth(username, password).
Get(baseURL + constants.FullMgmt)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -3086,9 +3090,9 @@ func TestAuthnSessionErrors(t *testing.T) {
invalidSessionID := "sessionID"
// need a username different than ldap one, to test both logic
- content := fmt.Sprintf("%s:$2y$05$hlbSXDp6hzDLu6VwACS39ORvVRpr3OMR4RlJ31jtlaOEGnPjKZI1m\n", htpasswdUsername)
-
- htpasswdPath := test.MakeHtpasswdFileFromString(content)
+ htpasswdUsername := test.GenerateRandomString()
+ htpasswdPassword := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(htpasswdUsername, htpasswdPassword))
defer os.Remove(htpasswdPath)
ldapServer := newTestLDAPServer()
@@ -3175,8 +3179,7 @@ func TestAuthnSessionErrors(t *testing.T) {
},
}
- resp, err := client.R().
- SetBasicAuth(htpasswdUsername, passphrase).
+ resp, err := client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).
Get(baseURL + "/v2/_catalog")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -3192,8 +3195,7 @@ func TestAuthnSessionErrors(t *testing.T) {
},
}
- resp, err := client.R().
- SetBasicAuth(username, passphrase).
+ resp, err := client.R().SetBasicAuth(username, password).
Get(baseURL + "/v2/_catalog")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -3335,16 +3337,14 @@ func TestAuthnSessionErrors(t *testing.T) {
client.SetHeader(constants.SessionClientHeaderName, constants.SessionClientHeaderValue)
// first htpasswd saveSessionLoggedUser() error
- resp, err := client.R().
- SetBasicAuth(htpasswdUsername, passphrase).
+ resp, err := client.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).
Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusInternalServerError)
// second ldap saveSessionLoggedUser() error
- resp, err = client.R().
- SetBasicAuth(username, passphrase).
+ resp, err = client.R().SetBasicAuth(username, password).
Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -3448,7 +3448,7 @@ func TestAuthnSessionErrors(t *testing.T) {
session.ID = invalidSessionID
session.IsNew = false
session.Values["authStatus"] = false
- session.Values["username"] = username
+ session.Values["test.Username"] = username
cookieStore, ok := ctlr.CookieStore.Store.(*sessions.FilesystemStore)
So(ok, ShouldBeTrue)
@@ -3491,7 +3491,9 @@ func TestAuthnMetaDBErrors(t *testing.T) {
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
mockOIDCServer, err := authutils.MockOIDCRun()
@@ -3545,8 +3547,7 @@ func TestAuthnMetaDBErrors(t *testing.T) {
},
}
- resp, err := client.R().
- SetBasicAuth(username, passphrase).
+ resp, err := client.R().SetBasicAuth(username, password).
Get(baseURL + "/v2/_catalog")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -3600,7 +3601,9 @@ func TestAuthorization(t *testing.T) {
baseURL := test.GetBaseURL(port)
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -3610,7 +3613,7 @@ func TestAuthorization(t *testing.T) {
}
conf.HTTP.AccessControl = &config.AccessControlConfig{
Repositories: config.Repositories{
- AuthorizationAllRepos: config.PolicyGroup{
+ test.AuthorizationAllRepos: config.PolicyGroup{
Policies: []config.Policy{
{
Users: []string{},
@@ -3670,7 +3673,7 @@ func TestAuthorization(t *testing.T) {
client.SetRedirectPolicy(test.CustomRedirectPolicy(20))
mockOIDCServer.QueueUser(&mockoidc.MockUser{
- Email: "test",
+ Email: username,
Subject: "1234567890",
})
@@ -3686,7 +3689,7 @@ func TestAuthorization(t *testing.T) {
client.SetCookies(resp.Cookies())
client.SetHeader(constants.SessionClientHeaderName, constants.SessionClientHeaderValue)
- RunAuthorizationTests(t, client, baseURL, conf)
+ RunAuthorizationTests(t, client, baseURL, username, conf)
})
Convey("with basic auth", func() {
@@ -3702,9 +3705,9 @@ func TestAuthorization(t *testing.T) {
defer cm.StopServer()
client := resty.New()
- client.SetBasicAuth(username, passphrase)
+ client.SetBasicAuth(username, password)
- RunAuthorizationTests(t, client, baseURL, conf)
+ RunAuthorizationTests(t, client, baseURL, username, conf)
})
})
}
@@ -3714,7 +3717,9 @@ func TestGetUsername(t *testing.T) {
port := test.GetFreePort()
baseURL := test.GetBaseURL(port)
- htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase))
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf := config.New()
@@ -3759,7 +3764,7 @@ func TestGetUsername(t *testing.T) {
err = json.Unmarshal(resp.Body(), &e)
So(err, ShouldBeNil)
- resp, err = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/_catalog")
+ resp, err = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/_catalog")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -4010,10 +4015,9 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T)
baseURL := test.GetBaseURL(port)
badpassphrase := "bad"
- htpasswdContent := fmt.Sprintf("%s:$2y$05$hlbSXDp6hzDLu6VwACS39ORvVRpr3OMR4RlJ31jtlaOEGnPjKZI1m\n",
- htpasswdUsername)
-
- htpasswdPath := test.MakeHtpasswdFileFromString(htpasswdContent)
+ htpasswdUsername := test.GenerateRandomString()
+ htpasswdPassword := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(htpasswdUsername, htpasswdPassword))
defer os.Remove(htpasswdPath)
img := CreateRandomImage()
@@ -4064,16 +4068,14 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
// Can access /v2 with correct credentials
- resp, err = resty.R().
- SetBasicAuth(htpasswdUsername, passphrase).
+ resp, err = resty.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).
Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
// Fail to access /v2 with incorrect credentials
- resp, err = resty.R().
- SetBasicAuth(htpasswdUsername, badpassphrase).
+ resp, err = resty.R().SetBasicAuth(htpasswdUsername, badpassphrase).
Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -4098,8 +4100,7 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T)
err = json.Unmarshal(resp.Body(), &apiError)
So(err, ShouldBeNil)
- resp, err = resty.R().
- SetBasicAuth(htpasswdUsername, passphrase).
+ resp, err = resty.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).
Get(baseURL + "/v2/_catalog")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -4124,7 +4125,7 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T)
So(err, ShouldNotBeNil)
err = UploadImageWithBasicAuth(img, baseURL,
- TestRepo, tagAuth, htpasswdUsername, passphrase)
+ TestRepo, tagAuth, htpasswdUsername, htpasswdPassword)
So(err, ShouldNotBeNil)
err = UploadImageWithBasicAuth(img, baseURL,
@@ -4145,7 +4146,7 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T)
So(err, ShouldBeNil)
err = UploadImageWithBasicAuth(img, baseURL,
- TestRepo, tagAuth, htpasswdUsername, passphrase)
+ TestRepo, tagAuth, htpasswdUsername, htpasswdPassword)
So(err, ShouldBeNil)
err = UploadImageWithBasicAuth(img, baseURL,
@@ -4187,8 +4188,7 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T)
Repositories []string `json:"repositories"`
}{}
- resp, err = resty.R().
- SetBasicAuth(htpasswdUsername, passphrase).
+ resp, err = resty.R().SetBasicAuth(htpasswdUsername, htpasswdPassword).
Get(baseURL + "/v2/_catalog")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -4199,8 +4199,7 @@ func TestAuthorizationWithAnonymousPolicyBasicAuthAndSessionHeader(t *testing.T)
So(len(catalog.Repositories), ShouldEqual, 1)
So(catalog.Repositories, ShouldContain, TestRepo)
- resp, err = resty.R().
- SetBasicAuth(htpasswdUsername, badpassphrase).
+ resp, err = resty.R().SetBasicAuth(htpasswdUsername, badpassphrase).
Get(baseURL + "/v2/_catalog")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
@@ -4215,9 +4214,13 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) {
conf := config.New()
conf.HTTP.Port = port
- // have two users: "test" user for user Policy, and "bob" for default policy
- htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase) +
- "\n" + getCredString("bob", passphrase))
+ // have two users: one for user Policy, and another for default policy
+ username1 := test.GenerateRandomString()
+ password1 := test.GenerateRandomString()
+ username2 := test.GenerateRandomString()
+ password2 := test.GenerateRandomString()
+ content := test.GetCredString(username1, password1) + test.GetCredString(username2, password2)
+ htpasswdPath := test.MakeHtpasswdFileFromString(content)
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -4228,7 +4231,7 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) {
// config with all policy types, to test that the correct one is applied in each case
conf.HTTP.AccessControl = &config.AccessControlConfig{
Repositories: config.Repositories{
- AuthorizationAllRepos: config.PolicyGroup{
+ test.AuthorizationAllRepos: config.PolicyGroup{
Policies: []config.Policy{
{
Users: []string{},
@@ -4291,7 +4294,7 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) {
testUserClient.SetRedirectPolicy(test.CustomRedirectPolicy(20))
mockOIDCServer.QueueUser(&mockoidc.MockUser{
- Email: "test",
+ Email: username1,
Subject: "1234567890",
})
@@ -4312,7 +4315,7 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) {
bobUserClient.SetRedirectPolicy(test.CustomRedirectPolicy(20))
mockOIDCServer.QueueUser(&mockoidc.MockUser{
- Email: "bob",
+ Email: username2,
Subject: "1234567890",
})
@@ -4328,7 +4331,7 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) {
bobUserClient.SetCookies(resp.Cookies())
bobUserClient.SetHeader(constants.SessionClientHeaderName, constants.SessionClientHeaderValue)
- RunAuthorizationWithMultiplePoliciesTests(t, testUserClient, bobUserClient, baseURL, conf)
+ RunAuthorizationWithMultiplePoliciesTests(t, testUserClient, bobUserClient, baseURL, username1, username2, conf)
})
Convey("with basic auth", func() {
@@ -4345,13 +4348,13 @@ func TestAuthorizationWithMultiplePolicies(t *testing.T) {
cm.StartAndWait(port)
defer cm.StopServer()
- testUserClient := resty.New()
- testUserClient.SetBasicAuth(username, passphrase)
+ userClient1 := resty.New()
+ userClient1.SetBasicAuth(username1, password1)
- bobUserClient := resty.New()
- bobUserClient.SetBasicAuth("bob", passphrase)
+ userClient2 := resty.New()
+ userClient2.SetBasicAuth(username2, password2)
- RunAuthorizationWithMultiplePoliciesTests(t, testUserClient, bobUserClient, baseURL, conf)
+ RunAuthorizationWithMultiplePoliciesTests(t, userClient1, userClient2, baseURL, username1, username2, conf)
})
})
}
@@ -4363,8 +4366,9 @@ func TestInvalidCases(t *testing.T) {
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase))
-
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -4410,7 +4414,7 @@ func TestInvalidCases(t *testing.T) {
params["mount"] = digest
postResponse, err := client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(params).
+ SetBasicAuth(username, password).SetQueryParams(params).
Post(fmt.Sprintf("%s/v2/%s/blobs/uploads/", baseURL, name))
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusInternalServerError)
@@ -4420,10 +4424,10 @@ func TestInvalidCases(t *testing.T) {
func TestHTTPReadOnly(t *testing.T) {
Convey("Single cred", t, func() {
singleCredtests := []string{}
- user := ALICE
- password := ALICE
- singleCredtests = append(singleCredtests, getCredString(user, password))
- singleCredtests = append(singleCredtests, getCredString(user, password)+"\n")
+ user := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ singleCredtests = append(singleCredtests, test.GetCredString(user, password))
+ singleCredtests = append(singleCredtests, test.GetCredString(user, password)+"\n")
port := test.GetFreePort()
baseURL := test.GetBaseURL(port)
@@ -4435,7 +4439,7 @@ func TestHTTPReadOnly(t *testing.T) {
// enable read-only mode
conf.HTTP.AccessControl = &config.AccessControlConfig{
Repositories: config.Repositories{
- AuthorizationAllRepos: config.PolicyGroup{
+ test.AuthorizationAllRepos: config.PolicyGroup{
DefaultPolicy: []string{"read"},
},
},
@@ -4459,9 +4463,10 @@ func TestHTTPReadOnly(t *testing.T) {
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
+ repoName := test.GenerateRandomName() + "/" + test.GenerateRandomName()
// with creds, any modifications should still fail on read-only mode
resp, err := resty.R().SetBasicAuth(user, password).
- Post(baseURL + "/v2/" + AuthorizedNamespace + "/blobs/uploads/")
+ Post(baseURL + "/v2/" + repoName + "/blobs/uploads/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusForbidden)
@@ -4482,8 +4487,9 @@ func TestCrossRepoMount(t *testing.T) {
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase))
-
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -4518,7 +4524,7 @@ func TestCrossRepoMount(t *testing.T) {
params["from"] = name
client := resty.New()
- headResponse, err := client.R().SetBasicAuth(username, passphrase).
+ headResponse, err := client.R().SetBasicAuth(username, password).
Head(fmt.Sprintf("%s/v2/%s/blobs/%s", baseURL, name, manifestDigest))
So(err, ShouldBeNil)
So(headResponse.StatusCode(), ShouldEqual, http.StatusOK)
@@ -4527,7 +4533,7 @@ func TestCrossRepoMount(t *testing.T) {
params["mount"] = "sha:"
postResponse, err := client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(params).
+ SetBasicAuth(username, password).SetQueryParams(params).
Post(baseURL + "/v2/zot-c-test/blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -4541,7 +4547,7 @@ func TestCrossRepoMount(t *testing.T) {
incorrectParams["from"] = "zot-x-test"
postResponse, err = client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(incorrectParams).
+ SetBasicAuth(username, password).SetQueryParams(incorrectParams).
Post(baseURL + "/v2/zot-y-test/blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -4552,7 +4558,7 @@ func TestCrossRepoMount(t *testing.T) {
// This is correct request but it will return 202 because blob is not present in cache.
params["mount"] = string(manifestDigest)
postResponse, err = client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(params).
+ SetBasicAuth(username, password).SetQueryParams(params).
Post(baseURL + "/v2/zot-c-test/blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -4561,30 +4567,30 @@ func TestCrossRepoMount(t *testing.T) {
// Send same request again
postResponse, err = client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(params).
+ SetBasicAuth(username, password).SetQueryParams(params).
Post(baseURL + "/v2/zot-c-test/blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted)
// Valid requests
postResponse, err = client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(params).
+ SetBasicAuth(username, password).SetQueryParams(params).
Post(baseURL + "/v2/zot-d-test/blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted)
- headResponse, err = client.R().SetBasicAuth(username, passphrase).
+ headResponse, err = client.R().SetBasicAuth(username, password).
Head(fmt.Sprintf("%s/v2/zot-cv-test/blobs/%s", baseURL, manifestDigest))
So(err, ShouldBeNil)
So(headResponse.StatusCode(), ShouldEqual, http.StatusNotFound)
postResponse, err = client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(params).Post(baseURL + "/v2/zot-c-test/blobs/uploads/")
+ SetBasicAuth(username, password).SetQueryParams(params).Post(baseURL + "/v2/zot-c-test/blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted)
postResponse, err = client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(params).
+ SetBasicAuth(username, password).SetQueryParams(params).
Post(baseURL + "/v2/ /blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusNotFound)
@@ -4597,7 +4603,7 @@ func TestCrossRepoMount(t *testing.T) {
}
postResponse, err = client.R().SetHeader("Content-type", "application/octet-stream").
- SetBasicAuth(username, passphrase).SetQueryParam("digest", "sha256:"+blob).
+ SetBasicAuth(username, password).SetQueryParam("digest", "sha256:"+blob).
SetBody(buf).Post(baseURL + "/v2/zot-d-test/blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusCreated)
@@ -4625,7 +4631,7 @@ func TestCrossRepoMount(t *testing.T) {
params["mount"] = string(manifestDigest)
postResponse, err = client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(params).
+ SetBasicAuth(username, password).SetQueryParams(params).
Post(baseURL + "/v2/zot-mount-test/blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusCreated)
@@ -4650,7 +4656,7 @@ func TestCrossRepoMount(t *testing.T) {
params["mount"] = string(manifestDigest)
params["from"] = "zot-mount-test"
postResponse, err = client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(params).
+ SetBasicAuth(username, password).SetQueryParams(params).
Post(baseURL + "/v2/zot-mount1-test/blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusCreated)
@@ -4664,7 +4670,7 @@ func TestCrossRepoMount(t *testing.T) {
So(os.SameFile(cacheFi, linkFi), ShouldEqual, true)
- headResponse, err = client.R().SetBasicAuth(username, passphrase).
+ headResponse, err = client.R().SetBasicAuth(username, password).
Head(fmt.Sprintf("%s/v2/zot-cv-test/blobs/%s", baseURL, manifestDigest))
So(err, ShouldBeNil)
So(headResponse.StatusCode(), ShouldEqual, http.StatusOK)
@@ -4673,7 +4679,7 @@ func TestCrossRepoMount(t *testing.T) {
params = make(map[string]string)
params["mount"] = "sha256:"
postResponse, err = client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(params).
+ SetBasicAuth(username, password).SetQueryParams(params).
Post(baseURL + "/v2/zot-mount-test/blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -4681,7 +4687,7 @@ func TestCrossRepoMount(t *testing.T) {
params = make(map[string]string)
params["from"] = "zot-cve-test"
postResponse, err = client.R().
- SetBasicAuth(username, passphrase).SetQueryParams(params).
+ SetBasicAuth(username, password).SetQueryParams(params).
Post(baseURL + "/v2/zot-mount-test/blobs/uploads/")
So(err, ShouldBeNil)
So(postResponse.StatusCode(), ShouldEqual, http.StatusMethodNotAllowed)
@@ -4693,7 +4699,7 @@ func TestCrossRepoMount(t *testing.T) {
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase))
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
@@ -4724,7 +4730,7 @@ func TestCrossRepoMount(t *testing.T) {
digest := godigest.FromBytes(image.Layers[0])
name := "zot-c-test"
client := resty.New()
- headResponse, err := client.R().SetBasicAuth(username, passphrase).
+ headResponse, err := client.R().SetBasicAuth(username, password).
Head(fmt.Sprintf("%s/v2/%s/blobs/%s", baseURL, name, digest))
So(err, ShouldBeNil)
So(headResponse.StatusCode(), ShouldEqual, http.StatusNotFound)
@@ -4834,7 +4840,13 @@ func TestParallelRequests(t *testing.T) {
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFileFromString(getCredString(username, passphrase))
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
+
+ t.Cleanup(func() {
+ os.Remove(htpasswdPath)
+ })
conf.HTTP.Auth = &config.AuthConfig{
HTPasswd: config.AuthHTPasswd{
@@ -4875,7 +4887,7 @@ func TestParallelRequests(t *testing.T) {
t.Parallel()
client := resty.New()
- tagResponse, err := client.R().SetBasicAuth(username, passphrase).
+ tagResponse, err := client.R().SetBasicAuth(username, password).
Get(baseURL + "/v2/" + testcase.destImageName + "/tags/list")
assert.Equal(t, err, nil, "Error should be nil")
assert.NotEqual(t, tagResponse.StatusCode(), http.StatusBadRequest, "bad request")
@@ -4883,12 +4895,12 @@ func TestParallelRequests(t *testing.T) {
manifestList := getAllManifests(path.Join(testImagesDir, testcase.srcImageName))
for _, manifest := range manifestList {
- headResponse, err := client.R().SetBasicAuth(username, passphrase).
+ headResponse, err := client.R().SetBasicAuth(username, password).
Head(baseURL + "/v2/" + testcase.destImageName + "/manifests/" + manifest)
assert.Equal(t, err, nil, "Error should be nil")
assert.Equal(t, headResponse.StatusCode(), http.StatusNotFound, "response status code should return 404")
- getResponse, err := client.R().SetBasicAuth(username, passphrase).
+ getResponse, err := client.R().SetBasicAuth(username, password).
Get(baseURL + "/v2/" + testcase.destImageName + "/manifests/" + manifest)
assert.Equal(t, err, nil, "Error should be nil")
assert.Equal(t, getResponse.StatusCode(), http.StatusNotFound, "response status code should return 404")
@@ -4898,16 +4910,14 @@ func TestParallelRequests(t *testing.T) {
for _, blob := range blobList {
// Get request of blob
- headResponse, err := client.R().
- SetBasicAuth(username, passphrase).
+ headResponse, err := client.R().SetBasicAuth(username, password).
Head(baseURL + "/v2/" + testcase.destImageName + "/blobs/sha256:" + blob)
assert.Equal(t, err, nil, "Should not be nil")
assert.NotEqual(t, headResponse.StatusCode(), http.StatusInternalServerError,
"internal server error should not occurred")
- getResponse, err := client.R().
- SetBasicAuth(username, passphrase).
+ getResponse, err := client.R().SetBasicAuth(username, password).
Get(baseURL + "/v2/" + testcase.destImageName + "/blobs/sha256:" + blob)
assert.Equal(t, err, nil, "Should not be nil")
@@ -4924,7 +4934,7 @@ func TestParallelRequests(t *testing.T) {
// Post request of blob
postResponse, err := client.R().
SetHeader("Content-type", "application/octet-stream").
- SetBasicAuth(username, passphrase).
+ SetBasicAuth(username, password).
SetBody(buf).Post(baseURL + "/v2/" + testcase.destImageName + "/blobs/uploads/")
assert.Equal(t, err, nil, "Error should be nil")
@@ -4935,7 +4945,7 @@ func TestParallelRequests(t *testing.T) {
if run%2 == 0 {
postResponse, err = client.R().
SetHeader("Content-type", "application/octet-stream").
- SetBasicAuth(username, passphrase).
+ SetBasicAuth(username, password).
SetBody(buf).
Post(baseURL + "/v2/" + testcase.destImageName + "/blobs/uploads/")
@@ -4982,7 +4992,7 @@ func TestParallelRequests(t *testing.T) {
SetHeader("Content-Type", "application/octet-stream").
SetHeader("Content-Length", fmt.Sprintf("%d", nbytes)).
SetHeader("Content-Range", fmt.Sprintf("%d", readContent)+"-"+fmt.Sprintf("%d", readContent+nbytes-1)).
- SetBasicAuth(username, passphrase).
+ SetBasicAuth(username, password).
Patch(baseURL + "/v2/" + testcase.destImageName + "/blobs/uploads/" + sessionID)
assert.Equal(t, err, nil, "Error should be nil")
@@ -5003,7 +5013,7 @@ func TestParallelRequests(t *testing.T) {
// Patch request of blob
patchResponse, err := client.R().SetBody(buf[0:nbytes]).SetHeader("Content-type", "application/octet-stream").
- SetBasicAuth(username, passphrase).
+ SetBasicAuth(username, password).
Patch(baseURL + "/v2/" + testcase.destImageName + "/blobs/uploads/" + sessionID)
if err != nil {
panic(err)
@@ -5017,7 +5027,7 @@ func TestParallelRequests(t *testing.T) {
} else {
postResponse, err = client.R().
SetHeader("Content-type", "application/octet-stream").
- SetBasicAuth(username, passphrase).
+ SetBasicAuth(username, password).
SetBody(buf).SetQueryParam("digest", "sha256:"+blob).
Post(baseURL + "/v2/" + testcase.destImageName + "/blobs/uploads/")
@@ -5027,26 +5037,26 @@ func TestParallelRequests(t *testing.T) {
}
headResponse, err = client.R().
- SetBasicAuth(username, passphrase).
+ SetBasicAuth(username, password).
Head(baseURL + "/v2/" + testcase.destImageName + "/blobs/sha256:" + blob)
assert.Equal(t, err, nil, "Should not be nil")
assert.NotEqual(t, headResponse.StatusCode(), http.StatusInternalServerError, "response should return success code")
getResponse, err = client.R().
- SetBasicAuth(username, passphrase).
+ SetBasicAuth(username, password).
Get(baseURL + "/v2/" + testcase.destImageName + "/blobs/sha256:" + blob)
assert.Equal(t, err, nil, "Should not be nil")
assert.NotEqual(t, getResponse.StatusCode(), http.StatusInternalServerError, "response should return success code")
}
- tagResponse, err = client.R().SetBasicAuth(username, passphrase).
+ tagResponse, err = client.R().SetBasicAuth(username, password).
Get(baseURL + "/v2/" + testcase.destImageName + "/tags/list")
assert.Equal(t, err, nil, "Error should be nil")
assert.Equal(t, tagResponse.StatusCode(), http.StatusOK, "response status code should return success code")
- repoResponse, err := client.R().SetBasicAuth(username, passphrase).
+ repoResponse, err := client.R().SetBasicAuth(username, password).
Get(baseURL + constants.RoutePrefix + constants.ExtCatalogPrefix)
assert.Equal(t, err, nil, "Error should be nil")
assert.Equal(t, repoResponse.StatusCode(), http.StatusOK, "response status code should return success code")
@@ -7173,7 +7183,7 @@ func TestManifestCollision(t *testing.T) {
conf.HTTP.AccessControl = &config.AccessControlConfig{
Repositories: config.Repositories{
- AuthorizationAllRepos: config.PolicyGroup{
+ test.AuthorizationAllRepos: config.PolicyGroup{
AnonymousPolicy: []string{
constants.ReadPermission,
constants.CreatePermission,
@@ -7231,9 +7241,9 @@ func TestManifestCollision(t *testing.T) {
So(resp.StatusCode(), ShouldEqual, http.StatusConflict)
// remove detectManifestCollision action from ** (all repos)
- repoPolicy := conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos]
+ repoPolicy := conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos]
repoPolicy.AnonymousPolicy = []string{"read", "delete"}
- conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = repoPolicy
+ conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = repoPolicy
resp, err = resty.R().Delete(baseURL + "/v2/index/manifests/" + digest.String())
So(err, ShouldBeNil)
@@ -8246,7 +8256,7 @@ func TestSearchRoutes(t *testing.T) {
user1 := "test"
password1 := "test"
- testString1 := getCredString(user1, password1)
+ testString1 := test.GetCredString(user1, password1)
htpasswdPath := test.MakeHtpasswdFileFromString(testString1)
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -8395,7 +8405,7 @@ func TestSearchRoutes(t *testing.T) {
user1 := "test1"
password1 := "test1"
group1 := "testgroup3"
- testString1 := getCredString(user1, password1)
+ testString1 := test.GetCredString(user1, password1)
htpasswdPath := test.MakeHtpasswdFileFromString(testString1)
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -8478,7 +8488,7 @@ func TestSearchRoutes(t *testing.T) {
password1 := "test2"
group1 := "testgroup1"
group2 := "secondtestgroup"
- testString1 := getCredString(user1, password1)
+ testString1 := test.GetCredString(user1, password1)
htpasswdPath := test.MakeHtpasswdFileFromString(testString1)
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -8546,7 +8556,7 @@ func TestSearchRoutes(t *testing.T) {
user1 := "test3"
password1 := "test3"
group1 := "testgroup"
- testString1 := getCredString(user1, password1)
+ testString1 := test.GetCredString(user1, password1)
htpasswdPath := test.MakeHtpasswdFileFromString(testString1)
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -8614,7 +8624,7 @@ func TestSearchRoutes(t *testing.T) {
user1 := "test4"
password1 := "test4"
group1 := "testgroup1"
- testString1 := getCredString(user1, password1)
+ testString1 := test.GetCredString(user1, password1)
htpasswdPath := test.MakeHtpasswdFileFromString(testString1)
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -8682,7 +8692,7 @@ func TestSearchRoutes(t *testing.T) {
user1 := "test5"
password1 := "test5"
group1 := "testgroup2"
- testString1 := getCredString(user1, password1)
+ testString1 := test.GetCredString(user1, password1)
htpasswdPath := test.MakeHtpasswdFileFromString(testString1)
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -8736,13 +8746,12 @@ func TestSearchRoutes(t *testing.T) {
conf.HTTP.Port = port
defaultVal := true
- group1 := group
- user1 := username
- password1 := passphrase
-
- testString1 := getCredString(user1, password1)
- htpasswdPath := test.MakeHtpasswdFileFromString(testString1)
+ group1 := test.GenerateRandomString()
+ user1 := test.GenerateRandomString()
+ password1 := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(user1, password1))
defer os.Remove(htpasswdPath)
+
conf.HTTP.Auth = &config.AuthConfig{
HTPasswd: config.AuthHTPasswd{
Path: htpasswdPath,
@@ -9152,7 +9161,7 @@ func makeController(conf *config.Config, dir string) *api.Controller {
}
func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.Client, bobClient *resty.Client,
- baseURL string, conf *config.Config,
+ baseURL, user1, user2 string, conf *config.Config,
) {
t.Helper()
@@ -9165,9 +9174,9 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 401)
- repoPolicy := conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos]
+ repoPolicy := conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos]
repoPolicy.AnonymousPolicy = append(repoPolicy.AnonymousPolicy, "read")
- conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = repoPolicy
+ conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = repoPolicy
// should have access to /v2/, anonymous policy is applied, "read" allowed
resp, err = resty.R().Get(baseURL + "/v2/")
@@ -9181,8 +9190,8 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
- // add "test" user to global policy with create permission
- repoPolicy.Policies[0].Users = append(repoPolicy.Policies[0].Users, "test")
+ // add user1 to global policy with create permission
+ repoPolicy.Policies[0].Users = append(repoPolicy.Policies[0].Users, user1)
repoPolicy.Policies[0].Actions = append(repoPolicy.Policies[0].Actions, "create")
// now it should get 202, user has the permission set on "create"
@@ -9216,7 +9225,7 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C
So(resp.StatusCode(), ShouldEqual, http.StatusForbidden)
repoPolicy.DefaultPolicy = append(repoPolicy.DefaultPolicy, "read")
- conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = repoPolicy
+ conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = repoPolicy
// with read permission should get 200, because default policy allows reading now
resp, err = userClient.R().Get(baseURL + "/v2/" + AuthorizationNamespace + "/tags/list")
@@ -9243,8 +9252,8 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusForbidden)
- // add read permission to user "bob"
- conf.HTTP.AccessControl.AdminPolicy.Users = append(conf.HTTP.AccessControl.AdminPolicy.Users, "bob")
+ // add read permission to user2"
+ conf.HTTP.AccessControl.AdminPolicy.Users = append(conf.HTTP.AccessControl.AdminPolicy.Users, user2)
conf.HTTP.AccessControl.AdminPolicy.Actions = append(conf.HTTP.AccessControl.AdminPolicy.Actions, "create")
// added create permission to user "bob", should be allowed now
@@ -9286,7 +9295,7 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C
So(catalog.Repositories, ShouldContain, AuthorizationNamespace)
// no policy
- conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = config.PolicyGroup{}
+ conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = config.PolicyGroup{}
// no policies, so no anonymous allowed
resp, err = resty.R().Get(baseURL + "/v2/_catalog")
@@ -9315,7 +9324,7 @@ func RunAuthorizationWithMultiplePoliciesTests(t *testing.T, userClient *resty.C
So(len(catalog.Repositories), ShouldEqual, 0)
}
-func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, conf *config.Config) {
+func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL, user string, conf *config.Config) {
t.Helper()
Convey("run authorization tests", func() {
@@ -9351,9 +9360,8 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c
// first let's use global based policies
// add test user to global policy with create perm
- conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Users = append(conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Users, "test") //nolint:lll // gofumpt conflicts with lll
-
- conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions, "create") //nolint:lll // gofumpt conflicts with lll
+ conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Users = append(conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Users, user) //nolint:lll // gofumpt conflicts with lll
+ conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions, "create") //nolint:lll // gofumpt conflicts with lll
// now it should get 202
resp, err = client.R().Post(baseURL + "/v2/" + AuthorizationNamespace + "/blobs/uploads/")
@@ -9386,7 +9394,7 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c
So(resp.StatusCode(), ShouldEqual, http.StatusForbidden)
// get tags with read access should get 200
- conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions, "read") //nolint:lll // gofumpt conflicts with lll
+ conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions, "read") //nolint:lll // gofumpt conflicts with lll
resp, err = client.R().Get(baseURL + "/v2/" + AuthorizationNamespace + "/tags/list")
So(err, ShouldBeNil)
@@ -9412,7 +9420,7 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c
So(resp.StatusCode(), ShouldEqual, http.StatusForbidden)
// add delete perm on repo
- conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos].Policies[0].Actions, "delete") //nolint:lll // gofumpt conflicts with lll
+ conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos].Policies[0].Actions, "delete") //nolint:lll // gofumpt conflicts with lll
// delete blob should get 202
resp, err = client.R().Delete(baseURL + "/v2/" + AuthorizationNamespace + "/blobs/" + digest)
@@ -9433,7 +9441,7 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c
DefaultPolicy: []string{},
}
- conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Users = append(conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Users, "test") //nolint:lll // gofumpt conflicts with lll
+ conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Users = append(conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Users, user) //nolint:lll // gofumpt conflicts with lll
conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Actions = append(conf.HTTP.AccessControl.Repositories[AuthorizationNamespace].Policies[0].Actions, "create") //nolint:lll // gofumpt conflicts with lll
// now it should get 202
@@ -9507,10 +9515,10 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
// remove permissions on **/* so it will not interfere with zot-test namespace
- repoPolicy := conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos]
+ repoPolicy := conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos]
repoPolicy.Policies = []config.Policy{}
repoPolicy.DefaultPolicy = []string{}
- conf.HTTP.AccessControl.Repositories[AuthorizationAllRepos] = repoPolicy
+ conf.HTTP.AccessControl.Repositories[test.AuthorizationAllRepos] = repoPolicy
// get manifest should get 403, we don't have perm at all on this repo
resp, err = client.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1")
@@ -9521,7 +9529,7 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c
// add read perm on repo
conf.HTTP.AccessControl.Repositories["zot-test"] = config.PolicyGroup{Policies: []config.Policy{
{
- Users: []string{"test"},
+ Users: []string{user},
Actions: []string{"read"},
},
}, DefaultPolicy: []string{}}
@@ -9729,7 +9737,7 @@ func RunAuthorizationTests(t *testing.T, client *resty.Client, baseURL string, c
So(resp.StatusCode(), ShouldEqual, http.StatusForbidden)
// add read perm
- conf.HTTP.AccessControl.AdminPolicy.Users = append(conf.HTTP.AccessControl.AdminPolicy.Users, "test")
+ conf.HTTP.AccessControl.AdminPolicy.Users = append(conf.HTTP.AccessControl.AdminPolicy.Users, user)
conf.HTTP.AccessControl.AdminPolicy.Actions = append(conf.HTTP.AccessControl.AdminPolicy.Actions, "read")
// with read perm should get 200
diff --git a/pkg/api/routes_test.go b/pkg/api/routes_test.go
index 4d050dd31d..b8d5841d36 100644
--- a/pkg/api/routes_test.go
+++ b/pkg/api/routes_test.go
@@ -44,8 +44,11 @@ func TestRoutes(t *testing.T) {
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
+
mockOIDCServer, err := mockoidc.Run()
if err != nil {
panic(err)
diff --git a/pkg/cli/client/client_test.go b/pkg/cli/client/client_test.go
index 6192d44102..87f19c695b 100644
--- a/pkg/cli/client/client_test.go
+++ b/pkg/cli/client/client_test.go
@@ -25,18 +25,13 @@ import (
)
const (
- BaseURL1 = "http://127.0.0.1:8088"
BaseSecureURL1 = "https://127.0.0.1:8088"
HOST1 = "127.0.0.1:8088"
SecurePort1 = "8088"
- BaseURL2 = "http://127.0.0.1:8089"
BaseSecureURL2 = "https://127.0.0.1:8089"
SecurePort2 = "8089"
- BaseURL3 = "http://127.0.0.1:8090"
BaseSecureURL3 = "https://127.0.0.1:8090"
SecurePort3 = "8090"
- username = "test"
- passphrase = "test"
ServerCert = "../../../test/data/server.cert"
ServerKey = "../../../test/data/server.key"
CACert = "../../../test/data/ca.crt"
@@ -55,7 +50,9 @@ func TestTLSWithAuth(t *testing.T) {
defer func() { resty.SetTLSClientConfig(nil) }()
conf := config.New()
conf.HTTP.Port = SecurePort1
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -116,7 +113,7 @@ func TestTLSWithAuth(t *testing.T) {
So(err, ShouldNotBeNil)
So(imageBuff.String(), ShouldContainSubstring, "check credentials")
- user := fmt.Sprintf("%s:%s", username, passphrase)
+ user := fmt.Sprintf("%s:%s", username, password)
args = []string{"-u", user, "--config", "imagetest"}
configPath = makeConfigFile(
fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
diff --git a/pkg/debug/pprof/pprof_test.go b/pkg/debug/pprof/pprof_test.go
index f1ceb6c9a5..43cf1eb8cd 100644
--- a/pkg/debug/pprof/pprof_test.go
+++ b/pkg/debug/pprof/pprof_test.go
@@ -22,14 +22,14 @@ func TestProfilingAuthz(t *testing.T) {
Convey("Make a new controller", t, func() {
port := test.GetFreePort()
baseURL := test.GetBaseURL(port)
- adminUsername := "admin"
- adminPassword := "admin"
- username := "test"
- password := "test"
- authorizationAllRepos := "**"
+ adminUsername := test.GenerateRandomString()
+ adminPassword := test.GenerateRandomString()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ authorizationAllRepos := test.AuthorizationAllRepos
testCreds := test.GetCredString(adminUsername, adminPassword) +
- "\n" + test.GetCredString(username, password)
+ test.GetCredString(username, password)
htpasswdPath := test.MakeHtpasswdFileFromString(testCreds)
defer os.Remove(htpasswdPath)
diff --git a/pkg/extensions/extensions_test.go b/pkg/extensions/extensions_test.go
index 9f10636751..de1e8ce6cb 100644
--- a/pkg/extensions/extensions_test.go
+++ b/pkg/extensions/extensions_test.go
@@ -140,7 +140,9 @@ func TestMgmtExtension(t *testing.T) {
mockOIDCConfig := mockOIDCServer.Config()
Convey("Verify mgmt auth info route enabled with htpasswd", t, func() {
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
conf.HTTP.Auth.HTPasswd.Path = htpasswdPath
conf.Extensions = &extconf.ExtensionConfig{}
@@ -202,7 +204,7 @@ func TestMgmtExtension(t *testing.T) {
So(mgmtResp.HTTP.Auth.LDAP, ShouldBeNil)
// with credentials
- resp, err = resty.R().SetBasicAuth("test", "test").Get(baseURL + constants.FullMgmt)
+ resp, err = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullMgmt)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -215,12 +217,13 @@ func TestMgmtExtension(t *testing.T) {
So(mgmtResp.HTTP.Auth.LDAP, ShouldBeNil)
// with wrong credentials
- resp, err = resty.R().SetBasicAuth("test", "wrong").Get(baseURL + constants.FullMgmt)
+ resp, err = resty.R().SetBasicAuth(username, "wrong").Get(baseURL + constants.FullMgmt)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusUnauthorized)
})
Convey("Verify mgmt auth info route enabled with ldap", t, func() {
+ defer os.Remove(conf.HTTP.Auth.HTPasswd.Path) // cleanup of a file created in previous Convey
conf.HTTP.Auth.LDAP = &config.LDAPConfig{
BindDN: "binddn",
BaseDN: "basedn",
@@ -281,7 +284,10 @@ func TestMgmtExtension(t *testing.T) {
})
Convey("Verify mgmt auth info route enabled with htpasswd + ldap", t, func() {
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
+ defer os.Remove(htpasswdPath)
conf.HTTP.Auth.HTPasswd.Path = htpasswdPath
conf.HTTP.Auth.LDAP = &config.LDAPConfig{
BindDN: "binddn",
@@ -342,7 +348,7 @@ func TestMgmtExtension(t *testing.T) {
So(mgmtResp.HTTP.Auth.Bearer, ShouldBeNil)
// with credentials
- resp, err = resty.R().SetBasicAuth("test", "test").Get(baseURL + constants.FullMgmt)
+ resp, err = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullMgmt)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -356,7 +362,10 @@ func TestMgmtExtension(t *testing.T) {
})
Convey("Verify mgmt auth info route enabled with htpasswd + ldap + bearer", t, func() {
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
+ defer os.Remove(htpasswdPath)
conf.HTTP.Auth.HTPasswd.Path = htpasswdPath
conf.HTTP.Auth.LDAP = &config.LDAPConfig{
BindDN: "binddn",
@@ -420,7 +429,7 @@ func TestMgmtExtension(t *testing.T) {
So(mgmtResp.HTTP.Auth.Bearer.Service, ShouldEqual, "service")
// with credentials
- resp, err = resty.R().SetBasicAuth("test", "test").Get(baseURL + constants.FullMgmt)
+ resp, err = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullMgmt)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -629,7 +638,10 @@ func TestMgmtExtension(t *testing.T) {
})
Convey("Verify mgmt auth info route enabled with empty openID provider list", t, func() {
- htpasswdPath := test.MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
+ defer os.Remove(htpasswdPath)
conf.HTTP.Auth.HTPasswd.Path = htpasswdPath
conf.HTTP.Auth.LDAP = nil
diff --git a/pkg/extensions/lint/lint_test.go b/pkg/extensions/lint/lint_test.go
index 9a784bf570..5f42d82554 100644
--- a/pkg/extensions/lint/lint_test.go
+++ b/pkg/extensions/lint/lint_test.go
@@ -28,19 +28,6 @@ import (
ociutils "zotregistry.io/zot/pkg/test/oci-utils"
)
-const (
- username = "test"
- passphrase = "test"
- ServerCert = "../../test/data/server.cert"
- ServerKey = "../../test/data/server.key"
- CACert = "../../test/data/ca.crt"
- AuthorizedNamespace = "everyone/isallowed"
- UnauthorizedNamespace = "fortknox/notallowed"
- ALICE = "alice"
- AuthorizationNamespace = "authz/image"
- AuthorizationAllRepos = "**"
-)
-
func TestVerifyMandatoryAnnotations(t *testing.T) {
//nolint: dupl
Convey("Mandatory annotations disabled", t, func() {
@@ -67,8 +54,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
cm.StartAndWait(port)
defer cm.StopServer()
- resp, err := resty.R().SetBasicAuth(username, passphrase).
- Get(baseURL + "/v2/zot-test/manifests/0.0.1")
+ resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -114,8 +100,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
cm.StartAndWait(port)
defer cm.StopServer()
- resp, err := resty.R().SetBasicAuth(username, passphrase).
- Get(baseURL + "/v2/zot-test/manifests/0.0.1")
+ resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -161,8 +146,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
cm.StartAndWait(port)
defer cm.StopServer()
- resp, err := resty.R().SetBasicAuth(username, passphrase).
- Get(baseURL + "/v2/zot-test/manifests/0.0.1")
+ resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -214,8 +198,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
cm.StartAndWait(port)
defer cm.StopServer()
- resp, err := resty.R().SetBasicAuth(username, passphrase).
- Get(baseURL + "/v2/zot-test/manifests/0.0.1")
+ resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -232,8 +215,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
configDigest := manifest.Config.Digest
- resp, err = resty.R().SetBasicAuth(username, passphrase).
- Get(baseURL + fmt.Sprintf("/v2/zot-test/blobs/%s", configDigest))
+ resp, err = resty.R().Get(baseURL + fmt.Sprintf("/v2/zot-test/blobs/%s", configDigest))
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -302,8 +284,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
cm.StartAndWait(port)
defer cm.StopServer()
- resp, err := resty.R().SetBasicAuth(username, passphrase).
- Get(baseURL + "/v2/zot-test/manifests/0.0.1")
+ resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -319,8 +300,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
configDigest := manifest.Config.Digest
- resp, err = resty.R().SetBasicAuth(username, passphrase).
- Get(baseURL + fmt.Sprintf("/v2/zot-test/blobs/%s", configDigest))
+ resp, err = resty.R().Get(baseURL + fmt.Sprintf("/v2/zot-test/blobs/%s", configDigest))
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -389,8 +369,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
cm.StartAndWait(port)
defer cm.StopServer()
- resp, err := resty.R().SetBasicAuth(username, passphrase).
- Get(baseURL + "/v2/zot-test/manifests/0.0.1")
+ resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -445,8 +424,7 @@ func TestVerifyMandatoryAnnotations(t *testing.T) {
cm.StartAndWait(port)
defer cm.StopServer()
- resp, err := resty.R().SetBasicAuth(username, passphrase).
- Get(baseURL + "/v2/zot-test/manifests/0.0.1")
+ resp, err := resty.R().Get(baseURL + "/v2/zot-test/manifests/0.0.1")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
diff --git a/pkg/extensions/search/cve/cve_test.go b/pkg/extensions/search/cve/cve_test.go
index 32d9059150..0faa6f0822 100644
--- a/pkg/extensions/search/cve/cve_test.go
+++ b/pkg/extensions/search/cve/cve_test.go
@@ -38,18 +38,13 @@ import (
mTypes "zotregistry.io/zot/pkg/meta/types"
"zotregistry.io/zot/pkg/storage"
"zotregistry.io/zot/pkg/storage/local"
- . "zotregistry.io/zot/pkg/test/common"
+ test "zotregistry.io/zot/pkg/test/common"
"zotregistry.io/zot/pkg/test/deprecated"
. "zotregistry.io/zot/pkg/test/image-utils"
"zotregistry.io/zot/pkg/test/mocks"
ociutils "zotregistry.io/zot/pkg/test/oci-utils"
)
-const (
- username = "test"
- passphrase = "test"
-)
-
type CveResult struct {
ImgList ImgList `json:"data"`
Errors []ErrorGQL `json:"errors"`
@@ -418,11 +413,13 @@ func TestImageFormat(t *testing.T) {
func TestCVESearchDisabled(t *testing.T) {
Convey("Test with CVE search disabled", t, func() {
- port := GetFreePort()
- baseURL := GetBaseURL(port)
+ port := test.GetFreePort()
+ baseURL := test.GetBaseURL(port)
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -454,26 +451,26 @@ func TestCVESearchDisabled(t *testing.T) {
ctlr := api.NewController(conf)
ctlr.Log.Logger = ctlr.Log.Output(writers)
- ctrlManager := NewControllerManager(ctlr)
+ ctrlManager := test.NewControllerManager(ctlr)
ctrlManager.StartAndWait(port)
// Wait for trivy db to download
- found, err := ReadLogFileAndSearchString(logPath, "CVE config not provided, skipping CVE update", 90*time.Second)
+ found, err := test.ReadLogFileAndSearchString(logPath, "CVE config not provided, skipping CVE update", 90*time.Second)
So(err, ShouldBeNil)
So(found, ShouldBeTrue)
defer ctrlManager.StopServer()
- resp, _ := resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
+ resp, _ := resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
So(string(resp.Body()), ShouldContainSubstring, "search: CVE search is disabled")
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-201-20482\"){Results{RepoName%20Tag}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-201-20482\"){Results{RepoName%20Tag}}}")
So(string(resp.Body()), ShouldContainSubstring, "search: CVE search is disabled")
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + "randomId" + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + "randomId" + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}")
So(resp, ShouldNotBeNil)
So(string(resp.Body()), ShouldContainSubstring, "search: CVE search is disabled")
So(resp.StatusCode(), ShouldEqual, 200)
@@ -483,11 +480,13 @@ func TestCVESearchDisabled(t *testing.T) {
func TestCVESearch(t *testing.T) {
Convey("Test image vulnerability scanning", t, func() {
updateDuration, _ := time.ParseDuration("1h")
- port := GetFreePort()
- baseURL := GetBaseURL(port)
+ port := test.GetFreePort()
+ baseURL := test.GetBaseURL(port)
conf := config.New()
conf.HTTP.Port = port
- htpasswdPath := MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
dbDir, err := testSetup(t)
@@ -529,14 +528,14 @@ func TestCVESearch(t *testing.T) {
ctlr := api.NewController(conf)
ctlr.Log.Logger = ctlr.Log.Output(writers)
- ctrlManager := NewControllerManager(ctlr)
+ ctrlManager := test.NewControllerManager(ctlr)
ctrlManager.StartAndWait(port)
// trivy db download fail
err = os.Mkdir(dbDir+"/_trivy", 0o000)
So(err, ShouldBeNil)
- found, err := ReadLogFileAndSearchString(logPath, "Error downloading Trivy DB to destination dir", 180*time.Second)
+ found, err := test.ReadLogFileAndSearchString(logPath, "Error downloading Trivy DB to destination dir", 180*time.Second)
So(err, ShouldBeNil)
So(found, ShouldBeTrue)
@@ -544,7 +543,7 @@ func TestCVESearch(t *testing.T) {
So(err, ShouldBeNil)
// Wait for trivy db to download
- found, err = ReadLogFileAndSearchString(logPath, "DB update completed, next update scheduled", 180*time.Second)
+ found, err = test.ReadLogFileAndSearchString(logPath, "DB update completed, next update scheduled", 180*time.Second)
So(err, ShouldBeNil)
So(found, ShouldBeTrue)
@@ -567,21 +566,21 @@ func TestCVESearch(t *testing.T) {
So(err, ShouldBeNil)
// with creds, should get expected status code
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 404)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix)
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 422)
var cveResult CveResult
contains := false
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
err = json.Unmarshal(resp.Body(), &cveResult)
So(err, ShouldBeNil)
for _, err := range cveResult.Errors {
@@ -592,7 +591,7 @@ func TestCVESearch(t *testing.T) {
}
So(contains, ShouldBeTrue)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
@@ -602,7 +601,7 @@ func TestCVESearch(t *testing.T) {
cveid := cveResult.ImgList.CVEResultForImage.CVEList[0].ID
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
@@ -611,7 +610,7 @@ func TestCVESearch(t *testing.T) {
So(err, ShouldBeNil)
So(len(imgListWithCVEFixed.Images), ShouldEqual, 0)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-cve-test\"){Results{RepoName%20LastUpdated}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-cve-test\"){Results{RepoName%20LastUpdated}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
@@ -619,11 +618,11 @@ func TestCVESearch(t *testing.T) {
So(err, ShouldBeNil)
So(len(imgListWithCVEFixed.Images), ShouldEqual, 0)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-test\"){Results{RepoName%20LastUpdated}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"b/zot-squashfs-test:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"b/zot-squashfs-test:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
@@ -632,108 +631,108 @@ func TestCVESearch(t *testing.T) {
So(err, ShouldBeNil)
So(len(cveSquashFSResult.ImgList.CVEResultForImage.CVEList), ShouldBeZeroValue)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-noindex:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-noindex:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-noindex\"){Results{RepoName%20LastUpdated}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-noindex\"){Results{RepoName%20LastUpdated}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-invalid-index:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-invalid-index:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-invalid-index\"){Results{RepoName%20LastUpdated}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-invalid-index\"){Results{RepoName%20LastUpdated}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-noblobs:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-noblobs:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-noblob\"){Results{RepoName%20LastUpdated}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-noblob\"){Results{RepoName%20LastUpdated}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-test\"){Results{RepoName%20LastUpdated}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-test\"){Results{RepoName%20LastUpdated}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-invalid-blob:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-invalid-blob:commit-aaa7c6e7-squashfs\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-invalid-blob\"){Results{RepoName%20LastUpdated}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListWithCVEFixed(id:\"" + cveid + "\",image:\"zot-squashfs-invalid-blob\"){Results{RepoName%20LastUpdated}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-squashfs-test\"){Tag%20CVEList{Id%20Description%20Severity%20PackageList{Name%20InstalledVersion%20FixedVersion}}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"cntos\"){Tag%20CVEList{Id%20Description%20Severity}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"cntos\"){Tag%20CVEList{Id%20Description%20Severity}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-201-20482\"){Results{RepoName%20Tag}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-201-20482\"){Results{RepoName%20Tag}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test\"){Tag%20CVEList{Id%20Description}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Tag}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Tag}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Description%20Severity}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Description%20Severity}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Description%20Severity}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Description%20Severity}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Severity}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Severity}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Description}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id%20Description}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Id}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Description}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){CVEList{Description}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
// Testing Invalid Search URL
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Ta%20CVEList{Id%20Description%20Severity}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(image:\"zot-test:0.0.1\"){Ta%20CVEList{Id%20Description%20Severity}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 422)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(tet:\"CVE-2018-20482\"){Results{RepoName%20Tag}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(tet:\"CVE-2018-20482\"){Results{RepoName%20Tag}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 422)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageistForCVE(id:\"CVE-2018-20482\"){Results{RepoName%20Tag}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageistForCVE(id:\"CVE-2018-20482\"){Results{RepoName%20Tag}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 422)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-2018-20482\"){ame%20Tags}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"CVE-2018-20482\"){ame%20Tags}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 422)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(reo:\"zot-test:1.0.0\"){Tag%20CVEList{Id%20Description%20Severity}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={CVEListForImage(reo:\"zot-test:1.0.0\"){Tag%20CVEList{Id%20Description%20Severity}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 422)
- resp, _ = resty.R().SetBasicAuth(username, passphrase).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"" + cveid + "\"){Results{RepoName%20Tag}}}")
+ resp, _ = resty.R().SetBasicAuth(username, password).Get(baseURL + constants.FullSearchPrefix + "?query={ImageListForCVE(id:\"" + cveid + "\"){Results{RepoName%20Tag}}}")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, 200)
})
@@ -1615,8 +1614,8 @@ func TestFixedTags(t *testing.T) {
func TestFixedTagsWithIndex(t *testing.T) {
Convey("Test fixed tags", t, func() {
tempDir := t.TempDir()
- port := GetFreePort()
- baseURL := GetBaseURL(port)
+ port := test.GetFreePort()
+ baseURL := test.GetBaseURL(port)
conf := config.New()
conf.HTTP.Port = port
defaultVal := true
@@ -1644,7 +1643,7 @@ func TestFixedTagsWithIndex(t *testing.T) {
ctlr := api.NewController(conf)
ctlr.Log.Logger = ctlr.Log.Output(writers)
- cm := NewControllerManager(ctlr)
+ cm := test.NewControllerManager(ctlr)
cm.StartAndWait(port)
defer cm.StopServer()
// push index with 2 manifests: one with vulns and one without
@@ -1681,7 +1680,7 @@ func TestFixedTagsWithIndex(t *testing.T) {
So(err, ShouldBeNil)
// Wait for trivy db to download
- found, err := ReadLogFileAndSearchString(logPath, "DB update completed, next update scheduled", 180*time.Second)
+ found, err := test.ReadLogFileAndSearchString(logPath, "DB update completed, next update scheduled", 180*time.Second)
So(err, ShouldBeNil)
So(found, ShouldBeTrue)
diff --git a/pkg/extensions/search/userprefs_test.go b/pkg/extensions/search/userprefs_test.go
index 7d0fda85c5..3844ec54c7 100644
--- a/pkg/extensions/search/userprefs_test.go
+++ b/pkg/extensions/search/userprefs_test.go
@@ -11,7 +11,6 @@ import (
"testing"
. "github.com/smartystreets/goconvey/convey"
- "golang.org/x/crypto/bcrypt"
"gopkg.in/resty.v1"
"zotregistry.io/zot/pkg/api"
@@ -23,7 +22,7 @@ import (
"zotregistry.io/zot/pkg/log"
"zotregistry.io/zot/pkg/storage"
"zotregistry.io/zot/pkg/storage/local"
- . "zotregistry.io/zot/pkg/test/common"
+ test "zotregistry.io/zot/pkg/test/common"
"zotregistry.io/zot/pkg/test/deprecated"
. "zotregistry.io/zot/pkg/test/image-utils"
)
@@ -31,8 +30,8 @@ import (
//nolint:dupl
func TestUserData(t *testing.T) {
Convey("Test user stars and bookmarks", t, func(c C) {
- port := GetFreePort()
- baseURL := GetBaseURL(port)
+ port := test.GetFreePort()
+ baseURL := test.GetBaseURL(port)
defaultVal := true
accessibleRepo := "accessible-repo"
@@ -44,10 +43,9 @@ func TestUserData(t *testing.T) {
simpleUser := "test"
simpleUserPassword := "test123"
- twoCredTests := fmt.Sprintf("%s\n%s\n\n", getCredString(adminUser, adminPassword),
- getCredString(simpleUser, simpleUserPassword))
-
- htpasswdPath := MakeHtpasswdFileFromString(twoCredTests)
+ content := test.GetCredString(adminUser, adminPassword) +
+ test.GetCredString(simpleUser, simpleUserPassword)
+ htpasswdPath := test.MakeHtpasswdFileFromString(content)
defer os.Remove(htpasswdPath)
conf := config.New()
@@ -94,7 +92,7 @@ func TestUserData(t *testing.T) {
ctlr := api.NewController(conf)
- ctlrManager := NewControllerManager(ctlr)
+ ctlrManager := test.NewControllerManager(ctlr)
ctlrManager.StartAndWait(port)
defer ctlrManager.StopServer()
@@ -458,8 +456,8 @@ func TestUserData(t *testing.T) {
}
func TestChangingRepoState(t *testing.T) {
- port := GetFreePort()
- baseURL := GetBaseURL(port)
+ port := test.GetFreePort()
+ baseURL := test.GetBaseURL(port)
defaultVal := true
simpleUser := "test"
@@ -468,9 +466,7 @@ func TestChangingRepoState(t *testing.T) {
forbiddenRepo := "forbidden"
accesibleRepo := "accesible"
- credTests := fmt.Sprintf("%s\n\n", getCredString(simpleUser, simpleUserPassword))
-
- htpasswdPath := MakeHtpasswdFileFromString(credTests)
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword))
defer os.Remove(htpasswdPath)
conf := config.New()
@@ -562,7 +558,7 @@ func TestChangingRepoState(t *testing.T) {
t.FailNow()
}
- ctlrManager := NewControllerManager(ctlr)
+ ctlrManager := test.NewControllerManager(ctlr)
ctlrManager.StartAndWait(port)
@@ -622,17 +618,15 @@ func TestChangingRepoState(t *testing.T) {
func TestGlobalSearchWithUserPrefFiltering(t *testing.T) {
Convey("Bookmarks and Stars filtering", t, func() {
dir := t.TempDir()
- port := GetFreePort()
- baseURL := GetBaseURL(port)
+ port := test.GetFreePort()
+ baseURL := test.GetBaseURL(port)
conf := config.New()
conf.HTTP.Port = port
conf.Storage.RootDirectory = dir
simpleUser := "simpleUser"
simpleUserPassword := "simpleUserPass"
- credTests := fmt.Sprintf("%s\n\n", getCredString(simpleUser, simpleUserPassword))
-
- htpasswdPath := MakeHtpasswdFileFromString(credTests)
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -664,7 +658,7 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) {
ctlr := api.NewController(conf)
- ctlrManager := NewControllerManager(ctlr)
+ ctlrManager := test.NewControllerManager(ctlr)
ctlrManager.StartAndWait(port)
defer ctlrManager.StopServer()
@@ -750,8 +744,8 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) {
So(foundRepos, ShouldContain, common.RepoSummary{Name: sbRepo, IsStarred: true, IsBookmarked: true})
// Filter by IsStarred = true && IsBookmarked = false
- query = `{
- GlobalSearch(query:"repo", filter:{ IsStarred:true, IsBookmarked:false }) {
+ query = `{
+ GlobalSearch(query:"repo", filter:{ IsStarred:true, IsBookmarked:false }) {
Repos { Name IsStarred IsBookmarked }
}
}`
@@ -771,8 +765,8 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) {
So(foundRepos, ShouldContain, common.RepoSummary{Name: sRepo, IsStarred: true, IsBookmarked: false})
// Filter by IsBookmarked = true
- query = `{
- GlobalSearch(query:"repo", filter:{ IsBookmarked:true }) {
+ query = `{
+ GlobalSearch(query:"repo", filter:{ IsBookmarked:true }) {
Repos { Name IsStarred IsBookmarked }
}
}`
@@ -793,8 +787,8 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) {
So(foundRepos, ShouldContain, common.RepoSummary{Name: sbRepo, IsStarred: true, IsBookmarked: true})
// Filter by IsBookmarked = true && IsStarred = false
- query = `{
- GlobalSearch(query:"repo", filter:{ IsBookmarked:true, IsStarred:false }) {
+ query = `{
+ GlobalSearch(query:"repo", filter:{ IsBookmarked:true, IsStarred:false }) {
Repos { Name IsStarred IsBookmarked }
}
}`
@@ -818,17 +812,15 @@ func TestGlobalSearchWithUserPrefFiltering(t *testing.T) {
func TestExpandedRepoInfoWithUserPrefs(t *testing.T) {
Convey("ExpandedRepoInfo with User Prefs", t, func() {
dir := t.TempDir()
- port := GetFreePort()
- baseURL := GetBaseURL(port)
+ port := test.GetFreePort()
+ baseURL := test.GetBaseURL(port)
conf := config.New()
conf.HTTP.Port = port
conf.Storage.RootDirectory = dir
simpleUser := "simpleUser"
simpleUserPassword := "simpleUserPass"
- credTests := fmt.Sprintf("%s\n\n", getCredString(simpleUser, simpleUserPassword))
-
- htpasswdPath := MakeHtpasswdFileFromString(credTests)
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(simpleUser, simpleUserPassword))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
@@ -860,7 +852,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) {
ctlr := api.NewController(conf)
- ctlrManager := NewControllerManager(ctlr)
+ ctlrManager := test.NewControllerManager(ctlr)
ctlrManager.StartAndWait(port)
defer ctlrManager.StopServer()
@@ -888,7 +880,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) {
{
ExpandedRepoInfo(repo:"sbrepo"){
Summary {
- Name IsStarred IsBookmarked
+ Name IsStarred IsBookmarked
}
}
}`
@@ -923,7 +915,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) {
{
ExpandedRepoInfo(repo:"srepo"){
Summary {
- Name IsStarred IsBookmarked
+ Name IsStarred IsBookmarked
}
}
}`
@@ -958,7 +950,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) {
{
ExpandedRepoInfo(repo:"brepo"){
Summary {
- Name IsStarred IsBookmarked
+ Name IsStarred IsBookmarked
}
}
}`
@@ -989,7 +981,7 @@ func TestExpandedRepoInfoWithUserPrefs(t *testing.T) {
{
ExpandedRepoInfo(repo:"repo"){
Summary {
- Name IsStarred IsBookmarked
+ Name IsStarred IsBookmarked
}
}
}`
@@ -1017,14 +1009,3 @@ func PutRepoStarURL(repo string) string {
func PutRepoBookmarkURL(repo string) string {
return fmt.Sprintf("?repo=%s&action=toggleBookmark", repo)
}
-
-func getCredString(username, password string) string {
- hash, err := bcrypt.GenerateFromPassword([]byte(password), 10)
- if err != nil {
- panic(err)
- }
-
- usernameAndHash := fmt.Sprintf("%s:%s", username, string(hash))
-
- return usernameAndHash
-}
diff --git a/pkg/extensions/sync/sync_test.go b/pkg/extensions/sync/sync_test.go
index b0519c5560..077dea4b08 100644
--- a/pkg/extensions/sync/sync_test.go
+++ b/pkg/extensions/sync/sync_test.go
@@ -69,6 +69,8 @@ const (
)
var (
+ username = test.GenerateRandomString() //nolint: gochecknoglobals
+ password = test.GenerateRandomString() //nolint: gochecknoglobals
errSync = errors.New("sync error, src oci repo differs from dest one")
errBadStatus = errors.New("bad http status")
)
@@ -127,7 +129,7 @@ func makeUpstreamServer(
var htpasswdPath string
if basicAuth {
- htpasswdPath = test.MakeHtpasswdFile()
+ htpasswdPath = test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
srcConfig.HTTP.Auth = &config.AuthConfig{
HTPasswd: config.AuthHTPasswd{
Path: htpasswdPath,
@@ -2376,7 +2378,8 @@ func TestBasicAuth(t *testing.T) {
defer scm.StopServer()
registryName := sync.StripRegistryTransport(srcBaseURL)
- credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "test", "password": "test"}}`, registryName))
+ credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "%s", "password": "%s"}}`,
+ registryName, username, password))
var tlsVerify bool
@@ -2408,7 +2411,7 @@ func TestBasicAuth(t *testing.T) {
var srcTagsList TagsList
var destTagsList TagsList
- resp, _ := srcClient.R().SetBasicAuth("test", "test").Get(srcBaseURL + "/v2/" + testImage + "/tags/list")
+ resp, _ := srcClient.R().SetBasicAuth(username, password).Get(srcBaseURL + "/v2/" + testImage + "/tags/list")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -2474,8 +2477,8 @@ func TestBasicAuth(t *testing.T) {
registryName := sync.StripRegistryTransport(srcBaseURL)
- credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "test", "password": "invalid"}}`,
- registryName))
+ credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "%s", "password": "invalid"}}`,
+ registryName, username))
var tlsVerify bool
@@ -2541,8 +2544,8 @@ func TestBasicAuth(t *testing.T) {
registryName := sync.StripRegistryTransport(srcBaseURL)
- credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "test", "password": "test"}}`,
- registryName))
+ credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "%s", "password": "%s"}}`,
+ registryName, username, password))
err := os.Chmod(credentialsFile, 0o000)
So(err, ShouldBeNil)
@@ -2614,7 +2617,8 @@ func TestBasicAuth(t *testing.T) {
defer scm.StopServer()
registryName := sync.StripRegistryTransport(srcBaseURL)
- credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "test", "password": "test"}}`, registryName))
+ credentialsFile := makeCredentialsFile(fmt.Sprintf(`{"%s":{"username": "%s", "password": "%s"}}`,
+ registryName, username, password))
defaultValue := false
syncRegistryConfig := syncconf.RegistryConfig{
@@ -2654,7 +2658,7 @@ func TestBasicAuth(t *testing.T) {
var srcTagsList TagsList
var destTagsList TagsList
- resp, _ := srcClient.R().SetBasicAuth("test", "test").Get(srcBaseURL + "/v2/" + testImage + "/tags/list")
+ resp, _ := srcClient.R().SetBasicAuth(username, password).Get(srcBaseURL + "/v2/" + testImage + "/tags/list")
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
diff --git a/pkg/log/log_test.go b/pkg/log/log_test.go
index 6a9fa0e32c..55ee12d6e8 100644
--- a/pkg/log/log_test.go
+++ b/pkg/log/log_test.go
@@ -24,14 +24,7 @@ import (
"zotregistry.io/zot/pkg/api/config"
"zotregistry.io/zot/pkg/api/constants"
"zotregistry.io/zot/pkg/log"
- . "zotregistry.io/zot/pkg/test/common"
-)
-
-const (
- username = "test"
- passphrase = "test"
- AuthorizedNamespace = "everyone/isallowed"
- UnauthorizedNamespace = "fortknox/notallowed"
+ test "zotregistry.io/zot/pkg/test/common"
)
type AuditLog struct {
@@ -49,8 +42,8 @@ func TestAuditLogMessages(t *testing.T) {
Convey("Make a new controller", t, func() {
dir := t.TempDir()
- port := GetFreePort()
- baseURL := GetBaseURL(port)
+ port := test.GetFreePort()
+ baseURL := test.GetBaseURL(port)
conf := config.New()
outputPath := dir + "/zot.log"
@@ -59,7 +52,9 @@ func TestAuditLogMessages(t *testing.T) {
conf.HTTP.Port = port
- htpasswdPath := MakeHtpasswdFile()
+ username := test.GenerateRandomString()
+ password := test.GenerateRandomString()
+ htpasswdPath := test.MakeHtpasswdFileFromString(test.GetCredString(username, password))
defer os.Remove(htpasswdPath)
conf.HTTP.Auth = &config.AuthConfig{
HTPasswd: config.AuthHTPasswd{
@@ -70,7 +65,7 @@ func TestAuditLogMessages(t *testing.T) {
ctlr := api.NewController(conf)
ctlr.Config.Storage.RootDirectory = dir
- ctlrManager := NewControllerManager(ctlr)
+ ctlrManager := test.NewControllerManager(ctlr)
ctlrManager.StartAndWait(port)
defer ctlrManager.StopServer()
@@ -83,7 +78,7 @@ func TestAuditLogMessages(t *testing.T) {
defer auditFile.Close()
Convey("Test GET request", func() {
- resp, err := resty.R().SetBasicAuth(username, passphrase).Get(baseURL + "/v2/")
+ resp, err := resty.R().SetBasicAuth(username, password).Get(baseURL + "/v2/")
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusOK)
@@ -93,8 +88,9 @@ func TestAuditLogMessages(t *testing.T) {
})
Convey("Test POST request", func() {
- path := "/v2/" + AuthorizedNamespace + "/blobs/uploads/"
- resp, err := resty.R().SetBasicAuth(username, passphrase).Post(baseURL + path)
+ repoName := "everyone/isallowed"
+ path := "/v2/" + repoName + "/blobs/uploads/"
+ resp, err := resty.R().SetBasicAuth(username, password).Post(baseURL + path)
So(err, ShouldBeNil)
So(resp, ShouldNotBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
@@ -124,10 +120,10 @@ func TestAuditLogMessages(t *testing.T) {
Convey("Test PUT and DELETE request", func() {
// create upload
path := "/v2/repo/blobs/uploads/"
- resp, err := resty.R().SetBasicAuth(username, passphrase).Post(baseURL + path)
+ resp, err := resty.R().SetBasicAuth(username, password).Post(baseURL + path)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
- loc := Location(baseURL, resp)
+ loc := test.Location(baseURL, resp)
So(loc, ShouldNotBeEmpty)
location := resp.Header().Get("Location")
So(location, ShouldNotBeEmpty)
@@ -159,11 +155,11 @@ func TestAuditLogMessages(t *testing.T) {
// blob upload
resp, err = resty.R().SetQueryParam("digest", digest.String()).
- SetBasicAuth(username, passphrase).
+ SetBasicAuth(username, password).
SetHeader("Content-Type", "application/octet-stream").SetBody(content).Put(loc)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusCreated)
- blobLoc := Location(baseURL, resp)
+ blobLoc := test.Location(baseURL, resp)
So(blobLoc, ShouldNotBeEmpty)
So(resp.Header().Get(constants.DistContentDigestKey), ShouldNotBeEmpty)
@@ -190,7 +186,7 @@ func TestAuditLogMessages(t *testing.T) {
So(auditLog.Object, ShouldEqual, putPath)
// delete this blob
- resp, err = resty.R().SetBasicAuth(username, passphrase).Delete(blobLoc)
+ resp, err = resty.R().SetBasicAuth(username, password).Delete(blobLoc)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
So(resp.Header().Get("Content-Length"), ShouldEqual, "0")
@@ -220,10 +216,10 @@ func TestAuditLogMessages(t *testing.T) {
Convey("Test PATCH request", func() {
path := "/v2/repo/blobs/uploads/"
- resp, err := resty.R().SetBasicAuth(username, passphrase).Post(baseURL + path)
+ resp, err := resty.R().SetBasicAuth(username, password).Post(baseURL + path)
So(err, ShouldBeNil)
So(resp.StatusCode(), ShouldEqual, http.StatusAccepted)
- loc := Location(baseURL, resp)
+ loc := test.Location(baseURL, resp)
So(loc, ShouldNotBeEmpty)
location := resp.Header().Get("Location")
So(location, ShouldNotBeEmpty)
@@ -257,7 +253,7 @@ func TestAuditLogMessages(t *testing.T) {
// write a chunk
contentRange := fmt.Sprintf("%d-%d", 0, len(chunk)-1)
- resp, err = resty.R().SetBasicAuth(username, passphrase).
+ resp, err = resty.R().SetBasicAuth(username, password).
SetHeader("Content-Type", "application/octet-stream").
SetHeader("Content-Range", contentRange).SetBody(chunk).Patch(loc)
So(err, ShouldBeNil)
diff --git a/pkg/storage/cache_benchmark_test.go b/pkg/storage/cache_benchmark_test.go
index 962eab9ebf..8792f85733 100644
--- a/pkg/storage/cache_benchmark_test.go
+++ b/pkg/storage/cache_benchmark_test.go
@@ -11,6 +11,7 @@ import (
"zotregistry.io/zot/pkg/log"
"zotregistry.io/zot/pkg/storage"
"zotregistry.io/zot/pkg/storage/cache"
+ test "zotregistry.io/zot/pkg/test/common"
)
const (
@@ -20,32 +21,19 @@ const (
datasetSize int = 5000
)
-func generateRandomString() string {
- //nolint: gosec
- seededRand := rand.New(rand.NewSource(time.Now().UnixNano()))
- charset := "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-
- randomBytes := make([]byte, 10)
- for i := range randomBytes {
- randomBytes[i] = charset[seededRand.Intn(len(charset))]
- }
-
- return string(randomBytes)
-}
-
func generateData() map[godigest.Digest]string {
dataMap := make(map[godigest.Digest]string, datasetSize)
//nolint: gosec
seededRand := rand.New(rand.NewSource(time.Now().UnixNano()))
for i := 0; i < datasetSize; i++ {
- randomString := generateRandomString()
+ randomString := test.GenerateRandomString()
counter := 0
for seededRand.Float32() < 0.5 && counter < 5 {
counter++
randomString += "/"
- randomString += generateRandomString()
+ randomString += test.GenerateRandomString()
}
digest := godigest.FromString(randomString)
dataMap[digest] = randomString
@@ -209,7 +197,7 @@ func BenchmarkMixLocal(b *testing.B) {
func BenchmarkPutLocalstack(b *testing.B) {
log := log.NewLogger("error", "")
- tableName := generateRandomString()
+ tableName := test.GenerateRandomString()
// Create Table
_, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", localEndpoint, "create-table",
@@ -234,7 +222,7 @@ func BenchmarkPutLocalstack(b *testing.B) {
func BenchmarkDeleteLocalstack(b *testing.B) {
log := log.NewLogger("error", "")
- tableName := generateRandomString()
+ tableName := test.GenerateRandomString()
// Create Table
_, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", localEndpoint, "create-table",
@@ -263,7 +251,7 @@ func BenchmarkDeleteLocalstack(b *testing.B) {
func BenchmarkHasLocalstack(b *testing.B) {
log := log.NewLogger("error", "")
- tableName := generateRandomString()
+ tableName := test.GenerateRandomString()
// Create Table
_, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", localEndpoint, "create-table",
@@ -292,7 +280,7 @@ func BenchmarkHasLocalstack(b *testing.B) {
func BenchmarkGetLocalstack(b *testing.B) {
log := log.NewLogger("error", "")
- tableName := generateRandomString()
+ tableName := test.GenerateRandomString()
// Create Table
_, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", localEndpoint, "create-table",
@@ -331,7 +319,7 @@ func BenchmarkGetLocalstack(b *testing.B) {
func BenchmarkMixLocalstack(b *testing.B) {
log := log.NewLogger("error", "")
- tableName := generateRandomString()
+ tableName := test.GenerateRandomString()
// Create Table
_, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", localEndpoint, "create-table",
@@ -367,7 +355,7 @@ func BenchmarkMixLocalstack(b *testing.B) {
func BenchmarkPutAWS(b *testing.B) {
log := log.NewLogger("error", "")
- tableName := generateRandomString()
+ tableName := test.GenerateRandomString()
// Create Table
_, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", awsEndpoint, "create-table",
@@ -392,7 +380,7 @@ func BenchmarkPutAWS(b *testing.B) {
func BenchmarkDeleteAWS(b *testing.B) {
log := log.NewLogger("error", "")
- tableName := generateRandomString()
+ tableName := test.GenerateRandomString()
// Create Table
_, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", awsEndpoint, "create-table",
@@ -421,7 +409,7 @@ func BenchmarkDeleteAWS(b *testing.B) {
func BenchmarkHasAWS(b *testing.B) {
log := log.NewLogger("error", "")
- tableName := generateRandomString()
+ tableName := test.GenerateRandomString()
// Create Table
_, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", awsEndpoint, "create-table",
@@ -450,7 +438,7 @@ func BenchmarkHasAWS(b *testing.B) {
func BenchmarkGetAWS(b *testing.B) {
log := log.NewLogger("error", "")
- tableName := generateRandomString()
+ tableName := test.GenerateRandomString()
// Create Table
_, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", awsEndpoint, "create-table",
@@ -489,7 +477,7 @@ func BenchmarkGetAWS(b *testing.B) {
func BenchmarkMixAWS(b *testing.B) {
log := log.NewLogger("error", "")
- tableName := generateRandomString()
+ tableName := test.GenerateRandomString()
// Create Table
_, err := exec.Command("aws", "dynamodb", "--region", region, "--endpoint-url", awsEndpoint, "create-table",
diff --git a/pkg/test/common/fs.go b/pkg/test/common/fs.go
index 7319b1abfc..fe7eb016e2 100644
--- a/pkg/test/common/fs.go
+++ b/pkg/test/common/fs.go
@@ -212,20 +212,13 @@ func ReadLogFileAndCountStringOccurence(logPath string, stringToMatch string,
}
}
-func MakeHtpasswdFile() string {
- // bcrypt(username="test", passwd="test")
- content := "test:$2y$05$hlbSXDp6hzDLu6VwACS39ORvVRpr3OMR4RlJ31jtlaOEGnPjKZI1m\n"
-
- return MakeHtpasswdFileFromString(content)
-}
-
func GetCredString(username, password string) string {
hash, err := bcrypt.GenerateFromPassword([]byte(password), 10)
if err != nil {
panic(err)
}
- usernameAndHash := fmt.Sprintf("%s:%s", username, string(hash))
+ usernameAndHash := fmt.Sprintf("%s:%s\n", username, string(hash))
return usernameAndHash
}
@@ -236,7 +229,6 @@ func MakeHtpasswdFileFromString(fileContent string) string {
panic(err)
}
- // bcrypt(username="test", passwd="test")
content := []byte(fileContent)
if err := os.WriteFile(htpasswdFile.Name(), content, 0o600); err != nil { //nolint:gomnd
panic(err)
diff --git a/pkg/test/common/fs_test.go b/pkg/test/common/fs_test.go
index 5165cf016e..43dea87515 100644
--- a/pkg/test/common/fs_test.go
+++ b/pkg/test/common/fs_test.go
@@ -11,6 +11,7 @@ import (
ispec "github.com/opencontainers/image-spec/specs-go/v1"
. "github.com/smartystreets/goconvey/convey"
+ "golang.org/x/crypto/bcrypt"
tcommon "zotregistry.io/zot/pkg/test/common"
)
@@ -215,5 +216,52 @@ func TestCopyTestKeysAndCerts(t *testing.T) {
err = tcommon.CopyTestKeysAndCerts(file)
So(err, ShouldNotBeNil)
+
+ // ----- /test/data doesn't exist ------
+ dir = t.TempDir()
+ file = filepath.Join(dir, "go.mod")
+ _, err = os.Create(file)
+ So(err, ShouldBeNil)
+ _, err = os.Stat(file)
+ So(err, ShouldBeNil)
+ os.Chdir(dir)
+ err = tcommon.CopyTestKeysAndCerts(dir)
+ So(err, ShouldNotBeNil)
+ So(err.Error(), ShouldContainSubstring, "CopyFiles os.Stat failed")
+
+ // --- GetProjectRootDir call fails -----
+ os.Chdir(os.TempDir())
+ err = tcommon.CopyTestKeysAndCerts(os.TempDir())
+ So(err, ShouldNotBeNil)
+ So(err, ShouldEqual, tcommon.ErrNoGoModFileFound)
})
}
+
+func TestGetProjectRootDir(t *testing.T) {
+ Convey("GetProjectRootDir", t, func() {
+ path, err := tcommon.GetProjectRootDir()
+ So(err, ShouldBeNil)
+ So(len(path), ShouldBeGreaterThan, 0)
+ })
+ Convey("GetProjectRootDir negative testing", t, func() {
+ os.Chdir(os.TempDir())
+ path, err := tcommon.GetProjectRootDir()
+ So(err, ShouldNotBeNil)
+ So(err, ShouldEqual, tcommon.ErrNoGoModFileFound)
+ So(path, ShouldBeZeroValue)
+ })
+
+}
+
+func TestGetCredString(t *testing.T) {
+ Convey("GetCredString panics", t, func() {
+ passwordSize := 100
+ pass := make([]byte, passwordSize)
+ for i := 0; i < passwordSize; i++ {
+ pass[i] = 'Y'
+ }
+ f := func() { tcommon.GetCredString("testUser", string(pass)) }
+ So(f, ShouldPanicWith, bcrypt.ErrPasswordTooLong)
+ })
+
+}
diff --git a/pkg/test/common/utils.go b/pkg/test/common/utils.go
index 43c6102ae5..e0df8b505b 100644
--- a/pkg/test/common/utils.go
+++ b/pkg/test/common/utils.go
@@ -4,6 +4,7 @@ import (
"context"
"errors"
"fmt"
+ "math/rand"
"net/http"
"net/url"
"os"
@@ -15,9 +16,10 @@ import (
)
const (
- BaseURL = "http://127.0.0.1:%s"
- BaseSecureURL = "https://127.0.0.1:%s"
- SleepTime = 100 * time.Millisecond
+ BaseURL = "http://127.0.0.1:%s"
+ BaseSecureURL = "https://127.0.0.1:%s"
+ SleepTime = 100 * time.Millisecond
+ AuthorizationAllRepos = "**"
)
type isser interface {
@@ -177,3 +179,31 @@ func CustomRedirectPolicy(noOfRedirect int) resty.RedirectPolicy {
return nil
})
}
+
+// Generates a random string with length 10 from lower case & upper case characters.
+func GenerateRandomString() string {
+ //nolint: gosec
+ seededRand := rand.New(rand.NewSource(time.Now().UnixNano()))
+ charset := "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+
+ randomBytes := make([]byte, 10)
+ for i := range randomBytes {
+ randomBytes[i] = charset[seededRand.Intn(len(charset))]
+ }
+
+ return string(randomBytes)
+}
+
+// Generates a random string with length 10 from lower case characters and digits.
+func GenerateRandomName() string {
+ //nolint: gosec
+ seededRand := rand.New(rand.NewSource(time.Now().UnixNano()))
+ charset := "abcdefghijklmnopqrstuvwxyz" + "0123456789"
+
+ randomBytes := make([]byte, 10)
+ for i := range randomBytes {
+ randomBytes[i] = charset[seededRand.Intn(len(charset))]
+ }
+
+ return string(randomBytes)
+}