Revamped testregistry and login tests

Signed-off-by: apostasie <[email protected]>

Author: apostasie

cmd/nerdctl/compose_run_linux_test.go

@@ -432,12 +432,13 @@ func TestComposePushAndPullWithCosignVerify(t *testing.T) {
 	keyPair := newCosignKeyPair(t, "cosign-key-pair")
 	defer keyPair.cleanup()
 
-	reg := testregistry.NewPlainHTTP(base, 5000)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 0, false)
+	defer reg.Cleanup(nil)
+
 	localhostIP := "127.0.0.1"
 	t.Logf("localhost IP=%q", localhostIP)
 	testImageRefPrefix := fmt.Sprintf("%s:%d/",
-		localhostIP, reg.ListenPort)
+		localhostIP, reg.Port)
 	t.Logf("testImageRefPrefix=%q", testImageRefPrefix)
 
 	var (

cmd/nerdctl/container_run_verify_linux_test.go

@@ -34,12 +34,13 @@ func TestRunVerifyCosign(t *testing.T) {
 	base := testutil.NewBase(t)
 	defer base.Cmd("builder", "prune").Run()
 	tID := testutil.Identifier(t)
-	reg := testregistry.NewPlainHTTP(base, 5000)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 0, false)
+	defer reg.Cleanup(nil)
+
 	localhostIP := "127.0.0.1"
 	t.Logf("localhost IP=%q", localhostIP)
 	testImageRef := fmt.Sprintf("%s:%d/%s",
-		localhostIP, reg.ListenPort, tID)
+		localhostIP, reg.Port, tID)
 	t.Logf("testImageRef=%q", testImageRef)
 
 	dockerfile := fmt.Sprintf(`FROM %s

cmd/nerdctl/image_convert_linux_test.go

@@ -33,7 +33,10 @@ func TestImageConvertNydus(t *testing.T) {
 	}
 	testutil.RequireExecutable(t, "nydus-image")
 	testutil.DockerIncompatible(t)
+
 	base := testutil.NewBase(t)
+	t.Parallel()
+
 	convertedImage := testutil.Identifier(t) + ":nydus"
 	base.Cmd("rmi", convertedImage).Run()
 	base.Cmd("pull", testutil.CommonImage).AssertOK()
@@ -48,18 +51,20 @@ func TestImageConvertNydus(t *testing.T) {
 		t.Skip("Nydusify check is not supported rootless mode.")
 	}
 
-	// skip if nydusify is not installed
+	// skip if nydusify and nydusd are not installed
 	testutil.RequireExecutable(t, "nydusify")
+	testutil.RequireExecutable(t, "nydusd")
 
 	// setup local docker registry
-	registryPort := 15000
-	registry := testregistry.NewPlainHTTP(base, registryPort)
-	defer registry.Cleanup()
+	registry := testregistry.NewWithNoAuth(base, 0, false)
+	remoteImage := fmt.Sprintf("%s:%d/nydusd-image:test", "localhost", registry.Port)
+	t.Cleanup(func() {
+		base.Cmd("rmi", remoteImage).Run()
+		registry.Cleanup(nil)
+	})
 
-	remoteImage := fmt.Sprintf("%s:%d/nydusd-image:test", registry.IP.String(), registryPort)
 	base.Cmd("tag", convertedImage, remoteImage).AssertOK()
-	defer base.Cmd("rmi", remoteImage).Run()
-	base.Cmd("push", "--insecure-registry", remoteImage).AssertOK()
+	base.Cmd("push", remoteImage).AssertOK()
 	nydusifyCmd := testutil.Cmd{
 		Cmd: icmd.Command(
 			"nydusify",
@@ -73,5 +78,8 @@ func TestImageConvertNydus(t *testing.T) {
 		),
 		Base: base,
 	}
+
+	// nydus is creating temporary files - make sure we are in a proper location for that
+	nydusifyCmd.Cmd.Dir = base.T.TempDir()
 	nydusifyCmd.AssertOK()
 }

cmd/nerdctl/image_encrypt_linux_test.go

@@ -113,10 +113,10 @@ func TestImageEncryptJWE(t *testing.T) {
 	defer keyPair.cleanup()
 	base := testutil.NewBase(t)
 	tID := testutil.Identifier(t)
-	reg := testregistry.NewPlainHTTP(base, 5000)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 0, false)
+	defer reg.Cleanup(nil)
 	base.Cmd("pull", testutil.CommonImage).AssertOK()
-	encryptImageRef := fmt.Sprintf("127.0.0.1:%d/%s:encrypted", reg.ListenPort, tID)
+	encryptImageRef := fmt.Sprintf("127.0.0.1:%d/%s:encrypted", reg.Port, tID)
 	defer base.Cmd("rmi", encryptImageRef).Run()
 	base.Cmd("image", "encrypt", "--recipient=jwe:"+keyPair.pub, testutil.CommonImage, encryptImageRef).AssertOK()
 	base.Cmd("image", "inspect", "--mode=native", "--format={{len .Index.Manifests}}", encryptImageRef).AssertOutExactly("1\n")

cmd/nerdctl/image_pull_linux_test.go

@@ -67,12 +67,12 @@ func TestImageVerifyWithCosign(t *testing.T) {
 	base := testutil.NewBase(t)
 	defer base.Cmd("builder", "prune").Run()
 	tID := testutil.Identifier(t)
-	reg := testregistry.NewPlainHTTP(base, 5000)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 0, false)
+	defer reg.Cleanup(nil)
 	localhostIP := "127.0.0.1"
 	t.Logf("localhost IP=%q", localhostIP)
 	testImageRef := fmt.Sprintf("%s:%d/%s",
-		localhostIP, reg.ListenPort, tID)
+		localhostIP, reg.Port, tID)
 	t.Logf("testImageRef=%q", testImageRef)
 
 	dockerfile := fmt.Sprintf(`FROM %s
@@ -91,8 +91,8 @@ func TestImagePullPlainHttpWithDefaultPort(t *testing.T) {
 	testutil.RequiresBuild(t)
 	base := testutil.NewBase(t)
 	defer base.Cmd("builder", "prune").Run()
-	reg := testregistry.NewPlainHTTP(base, 80)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 80, false)
+	defer reg.Cleanup(nil)
 	testImageRef := fmt.Sprintf("%s/%s:%s",
 		reg.IP.String(), testutil.Identifier(t), strings.Split(testutil.CommonImage, ":")[1])
 	t.Logf("testImageRef=%q", testImageRef)
@@ -117,12 +117,12 @@ func TestImageVerifyWithCosignShouldFailWhenKeyIsNotCorrect(t *testing.T) {
 	base := testutil.NewBase(t)
 	defer base.Cmd("builder", "prune").Run()
 	tID := testutil.Identifier(t)
-	reg := testregistry.NewPlainHTTP(base, 5000)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 0, false)
+	defer reg.Cleanup(nil)
 	localhostIP := "127.0.0.1"
 	t.Logf("localhost IP=%q", localhostIP)
 	testImageRef := fmt.Sprintf("%s:%d/%s",
-		localhostIP, reg.ListenPort, tID)
+		localhostIP, reg.Port, tID)
 	t.Logf("testImageRef=%q", testImageRef)
 
 	dockerfile := fmt.Sprintf(`FROM %s

cmd/nerdctl/image_push_linux_test.go

@@ -30,12 +30,12 @@ import (
 func TestPushPlainHTTPFails(t *testing.T) {
 	testutil.RequiresBuild(t)
 	base := testutil.NewBase(t)
-	reg := testregistry.NewPlainHTTP(base, 5000)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 0, false)
+	defer reg.Cleanup(nil)
 
 	base.Cmd("pull", testutil.CommonImage).AssertOK()
 	testImageRef := fmt.Sprintf("%s:%d/%s:%s",
-		reg.IP.String(), reg.ListenPort, testutil.Identifier(t), strings.Split(testutil.CommonImage, ":")[1])
+		reg.IP.String(), reg.Port, testutil.Identifier(t), strings.Split(testutil.CommonImage, ":")[1])
 	t.Logf("testImageRef=%q", testImageRef)
 	base.Cmd("tag", testutil.CommonImage, testImageRef).AssertOK()
 
@@ -49,14 +49,14 @@ func TestPushPlainHTTPFails(t *testing.T) {
 func TestPushPlainHTTPLocalhost(t *testing.T) {
 	testutil.RequiresBuild(t)
 	base := testutil.NewBase(t)
-	reg := testregistry.NewPlainHTTP(base, 5000)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 0, false)
+	defer reg.Cleanup(nil)
 	localhostIP := "127.0.0.1"
 	t.Logf("localhost IP=%q", localhostIP)
 
 	base.Cmd("pull", testutil.CommonImage).AssertOK()
 	testImageRef := fmt.Sprintf("%s:%d/%s:%s",
-		localhostIP, reg.ListenPort, testutil.Identifier(t), strings.Split(testutil.CommonImage, ":")[1])
+		localhostIP, reg.Port, testutil.Identifier(t), strings.Split(testutil.CommonImage, ":")[1])
 	t.Logf("testImageRef=%q", testImageRef)
 	base.Cmd("tag", testutil.CommonImage, testImageRef).AssertOK()
 
@@ -69,12 +69,12 @@ func TestPushPlainHTTPInsecure(t *testing.T) {
 	testutil.DockerIncompatible(t)
 
 	base := testutil.NewBase(t)
-	reg := testregistry.NewPlainHTTP(base, 5000)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 0, false)
+	defer reg.Cleanup(nil)
 
 	base.Cmd("pull", testutil.CommonImage).AssertOK()
 	testImageRef := fmt.Sprintf("%s:%d/%s:%s",
-		reg.IP.String(), reg.ListenPort, testutil.Identifier(t), strings.Split(testutil.CommonImage, ":")[1])
+		reg.IP.String(), reg.Port, testutil.Identifier(t), strings.Split(testutil.CommonImage, ":")[1])
 	t.Logf("testImageRef=%q", testImageRef)
 	base.Cmd("tag", testutil.CommonImage, testImageRef).AssertOK()
 
@@ -87,8 +87,8 @@ func TestPushPlainHttpInsecureWithDefaultPort(t *testing.T) {
 	testutil.DockerIncompatible(t)
 
 	base := testutil.NewBase(t)
-	reg := testregistry.NewPlainHTTP(base, 80)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 80, false)
+	defer reg.Cleanup(nil)
 
 	base.Cmd("pull", testutil.CommonImage).AssertOK()
 	testImageRef := fmt.Sprintf("%s/%s:%s",
@@ -105,14 +105,14 @@ func TestPushInsecureWithLogin(t *testing.T) {
 	testutil.DockerIncompatible(t)
 
 	base := testutil.NewBase(t)
-	reg := testregistry.NewHTTPS(base, "admin", "badmin")
-	defer reg.Cleanup()
+	reg := testregistry.NewWithTokenAuth(base, "admin", "badmin", 0, true)
+	defer reg.Cleanup(nil)
 
 	base.Cmd("--insecure-registry", "login", "-u", "admin", "-p", "badmin",
-		fmt.Sprintf("%s:%d", reg.IP.String(), reg.ListenPort)).AssertOK()
+		fmt.Sprintf("%s:%d", reg.IP.String(), reg.Port)).AssertOK()
 	base.Cmd("pull", testutil.CommonImage).AssertOK()
 	testImageRef := fmt.Sprintf("%s:%d/%s:%s",
-		reg.IP.String(), reg.ListenPort, testutil.Identifier(t), strings.Split(testutil.CommonImage, ":")[1])
+		reg.IP.String(), reg.Port, testutil.Identifier(t), strings.Split(testutil.CommonImage, ":")[1])
 	t.Logf("testImageRef=%q", testImageRef)
 	base.Cmd("tag", testutil.CommonImage, testImageRef).AssertOK()
 
@@ -126,14 +126,14 @@ func TestPushWithHostsDir(t *testing.T) {
 	testutil.DockerIncompatible(t)
 
 	base := testutil.NewBase(t)
-	reg := testregistry.NewHTTPS(base, "admin", "badmin")
-	defer reg.Cleanup()
+	reg := testregistry.NewWithTokenAuth(base, "admin", "badmin", 0, true)
+	defer reg.Cleanup(nil)
 
-	base.Cmd("--hosts-dir", reg.HostsDir, "login", "-u", "admin", "-p", "badmin", fmt.Sprintf("%s:%d", reg.IP.String(), reg.ListenPort)).AssertOK()
+	base.Cmd("--hosts-dir", reg.HostsDir, "login", "-u", "admin", "-p", "badmin", fmt.Sprintf("%s:%d", reg.IP.String(), reg.Port)).AssertOK()
 
 	base.Cmd("pull", testutil.CommonImage).AssertOK()
 	testImageRef := fmt.Sprintf("%s:%d/%s:%s",
-		reg.IP.String(), reg.ListenPort, testutil.Identifier(t), strings.Split(testutil.CommonImage, ":")[1])
+		reg.IP.String(), reg.Port, testutil.Identifier(t), strings.Split(testutil.CommonImage, ":")[1])
 	t.Logf("testImageRef=%q", testImageRef)
 	base.Cmd("tag", testutil.CommonImage, testImageRef).AssertOK()
 
@@ -147,18 +147,18 @@ func TestPushNonDistributableArtifacts(t *testing.T) {
 	testutil.DockerIncompatible(t)
 
 	base := testutil.NewBase(t)
-	reg := testregistry.NewPlainHTTP(base, 5000)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 0, false)
+	defer reg.Cleanup(nil)
 
 	base.Cmd("pull", testutil.NonDistBlobImage).AssertOK()
 
 	testImgRef := fmt.Sprintf("%s:%d/%s:%s",
-		reg.IP.String(), reg.ListenPort, testutil.Identifier(t), strings.Split(testutil.NonDistBlobImage, ":")[1])
+		reg.IP.String(), reg.Port, testutil.Identifier(t), strings.Split(testutil.NonDistBlobImage, ":")[1])
 	base.Cmd("tag", testutil.NonDistBlobImage, testImgRef).AssertOK()
 
 	base.Cmd("--debug", "--insecure-registry", "push", testImgRef).AssertOK()
 
-	blobURL := fmt.Sprintf("http://%s:%d/v2/%s/blobs/%s", reg.IP.String(), reg.ListenPort, testutil.Identifier(t), testutil.NonDistBlobDigest)
+	blobURL := fmt.Sprintf("http://%s:%d/v2/%s/blobs/%s", reg.IP.String(), reg.Port, testutil.Identifier(t), testutil.NonDistBlobDigest)
 	resp, err := http.Get(blobURL)
 	assert.Assert(t, err, "error making http request")
 	if resp.Body != nil {
@@ -179,12 +179,12 @@ func TestPushSoci(t *testing.T) {
 	testutil.DockerIncompatible(t)
 	base := testutil.NewBase(t)
 	requiresSoci(base)
-	reg := testregistry.NewPlainHTTP(base, 5000)
-	defer reg.Cleanup()
+	reg := testregistry.NewWithNoAuth(base, 0, false)
+	defer reg.Cleanup(nil)
 
 	base.Cmd("pull", testutil.UbuntuImage).AssertOK()
 	testImageRef := fmt.Sprintf("%s:%d/%s:%s",
-		reg.IP.String(), reg.ListenPort, testutil.Identifier(t), strings.Split(testutil.UbuntuImage, ":")[1])
+		reg.IP.String(), reg.Port, testutil.Identifier(t), strings.Split(testutil.UbuntuImage, ":")[1])
 	t.Logf("testImageRef=%q", testImageRef)
 	base.Cmd("tag", testutil.UbuntuImage, testImageRef).AssertOK()