fix(registry): use plain-http registry in token-auth scope test

The scope test configured a TLS registry while advertising an http token
realm. oras refuses to send credentials to an http token realm when the
registry itself was contacted over https, so the auth server was never
reached and the test timed out ("timeout waiting for auth request").

Use a plain-http registry so the registry and token-realm schemes match;
the scope carried in the token request is what this test verifies, and
that is independent of TLS.

Also make the auth handler's channel send non-blocking so that a client
retry can never block the handler and stall the push/pull flow, which
addresses the review comment about a potential deadlock.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: kimsm28 <sm28.kim@samsung.com>
pull/31211/head
kimsm28 7 days ago
parent 26ada49c1a
commit 3cbee7e935

@ -30,17 +30,18 @@ import (
)
type RegistryScopeTestSuite struct {
TestSuite
TestRegistry
}
func (suite *RegistryScopeTestSuite) SetupSuite() {
// set registry use token auth
dockerRegistry := setup(&suite.TestSuite, true, true, "token")
// Start Docker registry
go dockerRegistry.ListenAndServe()
// Set up a plain-HTTP registry that uses token auth. The token realm is
// served over http (see setup), so the registry must be contacted over
// http as well: oras refuses to send credentials to an http token realm
// when the registry itself was reached over https.
setup(&suite.TestRegistry, false, false, "token")
}
func (suite *RegistryScopeTestSuite) TearDownSuite() {
teardown(&suite.TestSuite)
teardown(&suite.TestRegistry)
os.RemoveAll(suite.WorkspaceDir)
}
@ -48,7 +49,13 @@ func (suite *RegistryScopeTestSuite) Test_1_Check_Push_Request_Scope() {
requestURL := make(chan string, 1)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
requestURL <- r.URL.String()
// Capture only the first auth request; never block the handler if the
// client happens to retry, so the auth server always responds and the
// push/pull flow can't deadlock waiting on us.
select {
case requestURL <- r.URL.String():
default:
}
w.WriteHeader(http.StatusOK)
})
listener, err := net.Listen("tcp", suite.AuthServerHost)
@ -88,7 +95,13 @@ func (suite *RegistryScopeTestSuite) Test_2_Check_Pull_Request_Scope() {
requestURL := make(chan string, 1)
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
requestURL <- r.URL.String()
// Capture only the first auth request; never block the handler if the
// client happens to retry, so the auth server always responds and the
// push/pull flow can't deadlock waiting on us.
select {
case requestURL <- r.URL.String():
default:
}
w.WriteHeader(http.StatusOK)
})
listener, err := net.Listen("tcp", suite.AuthServerHost)

Loading…
Cancel
Save