msb-public
/
helm
mirror of https://github.com/helm/helm
1
0
Code Issues Projects Releases Wiki Activity

Merge b8edb5d773 into 67496bb2c2

Browse Source
pull/31129/merge
kimsungmin1 4 days ago committed by GitHub
parent 67496bb2c2 b8edb5d773
commit e79e572420
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 169 additions and 21 deletions
Show Stats Download Patch File Download Diff File

4
go.mod
Unescape View File

@ -26,7 +26,6 @@ require (
github.com/mitchellh/copystructure v1.2.0 github.com/mitchellh/copystructure v1.2.0
github.com/moby/term v0.5.2 github.com/moby/term v0.5.2
github.com/opencontainers/image-spec v1.1.1 github.com/opencontainers/image-spec v1.1.1
github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5
github.com/pkg/errors v0.9.1 github.com/pkg/errors v0.9.1
github.com/rubenv/sql-migrate v1.8.0 github.com/rubenv/sql-migrate v1.8.0
github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
@ -78,6 +77,7 @@ require (
github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect
github.com/go-errors/errors v1.4.2 // indirect github.com/go-errors/errors v1.4.2 // indirect
github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect
github.com/go-jose/go-jose/v4 v4.0.5 // indirect
github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/logr v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect
@ -106,7 +106,7 @@ require (
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
github.com/mailru/easyjson v0.7.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.17 // indirect github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mattn/go-runewidth v0.0.9 // indirect github.com/mattn/go-runewidth v0.0.9 // indirect
github.com/miekg/dns v1.1.57 // indirect github.com/miekg/dns v1.1.57 // indirect
github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect

9
go.sum
Unescape View File

@ -104,6 +104,8 @@ github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxI
github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=
github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw=
github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=
github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
@ -216,8 +218,8 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0= github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk= github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
@ -262,8 +264,6 @@ github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJw
github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=
github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@ -456,6 +456,7 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

10
pkg/registry/client.go
Unescape View File

@ -779,6 +779,8 @@ func (c *Client) Push(data []byte, ref string, options ...PushOption) (*PushResu
repository.PlainHTTP = c.plainHTTP repository.PlainHTTP = c.plainHTTP
repository.Client = c.authorizer repository.Client = c.authorizer
ctx = WithScopeHint(ctx, repository, auth.ActionPush, auth.ActionPull)
manifestDescriptor, err = oras.ExtendedCopy(ctx, memoryStore, parsedRef.String(), repository, parsedRef.String(), oras.DefaultExtendedCopyOptions) manifestDescriptor, err = oras.ExtendedCopy(ctx, memoryStore, parsedRef.String(), repository, parsedRef.String(), oras.DefaultExtendedCopyOptions)
if err != nil { if err != nil {
return nil, err return nil, err
@ -989,3 +991,11 @@ func (c *Client) tagManifest(ctx context.Context, memoryStore *memory.Store,
return oras.TagBytes(ctx, memoryStore, ocispec.MediaTypeImageManifest, return oras.TagBytes(ctx, memoryStore, ocispec.MediaTypeImageManifest,
manifestData, parsedRef.String()) manifestData, parsedRef.String())
} }
// WithScopeHint adds a hinted scope to the context.
func WithScopeHint(ctx context.Context, target any, actions ...string) context.Context {
if repo, ok := target.(*remote.Repository); ok {
return auth.AppendRepositoryScope(ctx, repo.Reference, actions...)
}
return ctx
}

2
pkg/registry/client_http_test.go
Unescape View File

@ -33,7 +33,7 @@ type HTTPRegistryClientTestSuite struct {
func (suite *HTTPRegistryClientTestSuite) SetupSuite() { func (suite *HTTPRegistryClientTestSuite) SetupSuite() {
// init test client // init test client
dockerRegistry := setup(&suite.TestSuite, false, false) dockerRegistry := setup(&suite.TestSuite, false, false, "htpasswd")
// Start Docker registry // Start Docker registry
go dockerRegistry.ListenAndServe() go dockerRegistry.ListenAndServe()

2
pkg/registry/client_insecure_tls_test.go
Unescape View File

@ -29,7 +29,7 @@ type InsecureTLSRegistryClientTestSuite struct {
func (suite *InsecureTLSRegistryClientTestSuite) SetupSuite() { func (suite *InsecureTLSRegistryClientTestSuite) SetupSuite() {
// init test client // init test client
dockerRegistry := setup(&suite.TestSuite, true, true) dockerRegistry := setup(&suite.TestSuite, true, true, "htpasswd")
// Start Docker registry // Start Docker registry
go dockerRegistry.ListenAndServe() go dockerRegistry.ListenAndServe()

112
pkg/registry/client_scope_test.go
Unescape View File

@ -0,0 +1,112 @@
/*
Copyright The Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package registry
import (
"context"
"fmt"
"log"
"net/http"
"os"
"testing"
"github.com/stretchr/testify/suite"
)
type RegistryScopeTestSuite struct {
TestSuite
}
func (suite *RegistryScopeTestSuite) SetupSuite() {
// set registry use token auth
dockerRegistry := setup(&suite.TestSuite, true, true, "token")
// Start Docker registry
go dockerRegistry.ListenAndServe()
}
func (suite *RegistryScopeTestSuite) TearDownSuite() {
teardown(&suite.TestSuite)
os.RemoveAll(suite.WorkspaceDir)
}
func (suite *RegistryScopeTestSuite) Test_1_Cehck_Push_Request_Scope() {
//set simple auth server to check the auth request scope
server := &http.Server{
Addr: suite.AuthServerHost,
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
suite.Equal(string("/auth?scope=repository%3Atestrepo%2Flocal-subchart%3Apull%2Cpush&service=testservice"), r.URL.String())
w.WriteHeader(http.StatusOK)
}),
}
go func() {
err := server.ListenAndServe()
if err != nil && err != http.ErrServerClosed {
log.Fatalf("http server failed to ListenAndServe:%v", err)
}
}()
// basic push, good ref
testingChartCreationTime := "1977-09-02T22:04:05Z"
chartData, err := os.ReadFile("../downloader/testdata/local-subchart-0.1.0.tgz")
suite.Nil(err, "no error loading test chart")
meta, err := extractChartMeta(chartData)
suite.Nil(err, "no error extracting chart meta")
ref := fmt.Sprintf("%s/testrepo/%s:%s", suite.DockerRegistryHost, meta.Name, meta.Version)
_, err = suite.RegistryClient.Push(chartData, ref, PushOptCreationTime(testingChartCreationTime))
suite.NotNil(err, "error pushing good ref because auth server don't give proper token")
//shutdown auth server
err = server.Shutdown(context.Background())
suite.Nil(err, "shutdown simple auth server")
}
func (suite *RegistryScopeTestSuite) Test_2_Cehck_Pull_Request_Scope() {
//set simple auth server to check the auth request scope
server := &http.Server{
Addr: suite.AuthServerHost,
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
suite.Equal(string("/auth?scope=repository%3Atestrepo%2Flocal-subchart%3Apull&service=testservice"), r.URL.String())
w.WriteHeader(http.StatusOK)
}),
}
go func() {
err := server.ListenAndServe()
if err != nil && err != http.ErrServerClosed {
log.Fatalf("http server failed to ListenAndServe:%v", err)
}
}()
// Load test chart (to build ref pushed in previous test)
// Simple pull, chart only
chartData, err := os.ReadFile("../downloader/testdata/local-subchart-0.1.0.tgz")
suite.Nil(err, "no error loading test chart")
meta, err := extractChartMeta(chartData)
suite.Nil(err, "no error extracting chart meta")
ref := fmt.Sprintf("%s/testrepo/%s:%s", suite.DockerRegistryHost, meta.Name, meta.Version)
_, err = suite.RegistryClient.Pull(ref)
suite.NotNil(err, "error pulling a simple chart because auth server don't give proper token")
//shutdown auth server
err = server.Shutdown(context.Background())
suite.Nil(err, "shutdown simple auth server")
}
func TestRegistryScopeTestSuite(t *testing.T) {
suite.Run(t, new(RegistryScopeTestSuite))
}

2
pkg/registry/client_tls_test.go
Unescape View File

@ -29,7 +29,7 @@ type TLSRegistryClientTestSuite struct {
func (suite *TLSRegistryClientTestSuite) SetupSuite() { func (suite *TLSRegistryClientTestSuite) SetupSuite() {
// init test client // init test client
dockerRegistry := setup(&suite.TestSuite, true, false) dockerRegistry := setup(&suite.TestSuite, true, false, "htpasswd")
// Start Docker registry // Start Docker registry
go dockerRegistry.ListenAndServe() go dockerRegistry.ListenAndServe()

31
pkg/registry/utils_test.go
Unescape View File

@ -34,9 +34,9 @@ import (
"github.com/distribution/distribution/v3/configuration" "github.com/distribution/distribution/v3/configuration"
"github.com/distribution/distribution/v3/registry" "github.com/distribution/distribution/v3/registry"
_ "github.com/distribution/distribution/v3/registry/auth/htpasswd" _ "github.com/distribution/distribution/v3/registry/auth/htpasswd"
_ "github.com/distribution/distribution/v3/registry/auth/token"
_ "github.com/distribution/distribution/v3/registry/storage/driver/inmemory" _ "github.com/distribution/distribution/v3/registry/storage/driver/inmemory"
"github.com/foxcpp/go-mockdns" "github.com/foxcpp/go-mockdns"
"github.com/phayes/freeport"
"github.com/stretchr/testify/suite" "github.com/stretchr/testify/suite"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
@ -56,12 +56,15 @@ var (
testHtpasswdFileBasename = "authtest.htpasswd" testHtpasswdFileBasename = "authtest.htpasswd"
testUsername = "myuser" testUsername = "myuser"
testPassword = "mypass" testPassword = "mypass"
testIssuer = "testissuer"
testService = "testservice"
) )
type TestSuite struct { type TestSuite struct {
suite.Suite suite.Suite
Out io.Writer Out io.Writer
DockerRegistryHost string DockerRegistryHost string
AuthServerHost string
CompromisedRegistryHost string CompromisedRegistryHost string
WorkspaceDir string WorkspaceDir string
RegistryClient *Client RegistryClient *Client
@ -71,7 +74,7 @@ type TestSuite struct {
srv *mockdns.Server srv *mockdns.Server
} }
func setup(suite *TestSuite, tlsEnabled, insecure bool) *registry.Registry { func setup(suite *TestSuite, tlsEnabled, insecure bool, auth string) *registry.Registry {
suite.WorkspaceDir = testWorkspaceDir suite.WorkspaceDir = testWorkspaceDir
os.RemoveAll(suite.WorkspaceDir) os.RemoveAll(suite.WorkspaceDir)
os.Mkdir(suite.WorkspaceDir, 0700) os.Mkdir(suite.WorkspaceDir, 0700)
@ -122,12 +125,14 @@ func setup(suite *TestSuite, tlsEnabled, insecure bool) *registry.Registry {
// Registry config // Registry config
config := &configuration.Configuration{} config := &configuration.Configuration{}
port, err := freeport.GetFreePort() ln, err := net.Listen("tcp", "127.0.0.1:0")
suite.Nil(err, "no error finding free port for test registry") suite.Nil(err, "no error finding free port for test registry")
defer ln.Close()
// Change the registry host to another host which is not localhost. // Change the registry host to another host which is not localhost.
// This is required because Docker enforces HTTP if the registry // This is required because Docker enforces HTTP if the registry
// host is localhost/127.0.0.1. // host is localhost/127.0.0.1.
port := ln.Addr().(*net.TCPAddr).Port
if suite.DockerRegistryHost == "" { if suite.DockerRegistryHost == "" {
suite.DockerRegistryHost = fmt.Sprintf("helm-test-registry:%d%s", port, suite.Repo) suite.DockerRegistryHost = fmt.Sprintf("helm-test-registry:%d%s", port, suite.Repo)
} else { } else {
@ -142,16 +147,34 @@ func setup(suite *TestSuite, tlsEnabled, insecure bool) *registry.Registry {
suite.Nil(err, "no error creating mock DNS server") suite.Nil(err, "no error creating mock DNS server")
suite.srv.PatchNet(net.DefaultResolver) suite.srv.PatchNet(net.DefaultResolver)
config.HTTP.Addr = fmt.Sprintf(":%d", port) config.HTTP.Addr = ln.Addr().String()
config.HTTP.DrainTimeout = time.Duration(10) * time.Second config.HTTP.DrainTimeout = time.Duration(10) * time.Second
config.Storage = map[string]configuration.Parameters{"inmemory": map[string]interface{}{}} config.Storage = map[string]configuration.Parameters{"inmemory": map[string]interface{}{}}
if auth == "token" {
ln, err := net.Listen("tcp", "127.0.0.1:0")
suite.Nil(err, "no error finding free port for test auth server")
defer ln.Close()
//set test auth server host
suite.AuthServerHost = ln.Addr().String()
config.Auth = configuration.Auth{
"token": configuration.Parameters{
"realm": "http://" + suite.AuthServerHost + "/auth",
"service": testService,
"issuer": testIssuer,
"rootcertbundle": tlsServerCert,
},
}
} else {
config.Auth = configuration.Auth{ config.Auth = configuration.Auth{
"htpasswd": configuration.Parameters{ "htpasswd": configuration.Parameters{
"realm": "localhost", "realm": "localhost",
"path": htpasswdPath, "path": htpasswdPath,
}, },
} }
}
// config tls // config tls
if tlsEnabled { if tlsEnabled {

8
pkg/repo/repotest/server.go
Unescape View File

@ -18,6 +18,7 @@ package repotest
import ( import (
"context" "context"
"fmt" "fmt"
"net"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"os" "os"
@ -29,7 +30,6 @@ import (
"github.com/distribution/distribution/v3/registry" "github.com/distribution/distribution/v3/registry"
_ "github.com/distribution/distribution/v3/registry/auth/htpasswd" // used for docker test registry _ "github.com/distribution/distribution/v3/registry/auth/htpasswd" // used for docker test registry
_ "github.com/distribution/distribution/v3/registry/storage/driver/inmemory" // used for docker test registry _ "github.com/distribution/distribution/v3/registry/storage/driver/inmemory" // used for docker test registry
"github.com/phayes/freeport"
"golang.org/x/crypto/bcrypt" "golang.org/x/crypto/bcrypt"
"sigs.k8s.io/yaml" "sigs.k8s.io/yaml"
@ -108,12 +108,14 @@ func NewOCIServer(t *testing.T, dir string) (*OCIServer, error) {
// Registry config // Registry config
config := &configuration.Configuration{} config := &configuration.Configuration{}
port, err := freeport.GetFreePort() ln, err := net.Listen("tcp", "127.0.0.1:0")
if err != nil { if err != nil {
t.Fatalf("error finding free port for test registry") t.Fatalf("error finding free port for test registry")
} }
defer ln.Close()
config.HTTP.Addr = fmt.Sprintf(":%d", port) port := ln.Addr().(*net.TCPAddr).Port
config.HTTP.Addr = ln.Addr().String()
config.HTTP.DrainTimeout = time.Duration(10) * time.Second config.HTTP.DrainTimeout = time.Duration(10) * time.Second
config.Storage = map[string]configuration.Parameters{"inmemory": map[string]interface{}{}} config.Storage = map[string]configuration.Parameters{"inmemory": map[string]interface{}{}}
config.Auth = configuration.Auth{ config.Auth = configuration.Auth{

Write Preview
Loading…
Cancel
Save