2023-09-07 21:06:21 +03:00
# Note: Intended to be run as "make run-blackbox-tests" or "make run-blackbox-ci"
2023-08-30 22:24:28 +03:00
# Makefile target installs & checks all necessary tooling
# Extra tools that are not covered in Makefile target needs to be added in verify_prerequisites()
load helpers_zot
2023-10-02 16:37:21 +03:00
load helpers_metrics
2023-08-30 22:24:28 +03:00
function verify_prerequisites() {
if [ ! $(command -v curl) ]; then
echo "you need to install curl as a prerequisite to running the tests" >&3
return 1
fi
2023-10-02 16:37:21 +03:00
if [ ! $(command -v htpasswd) ]; then
echo "you need to install htpasswd as a prerequisite to running the tests" >&3
return 1
fi
2023-08-30 22:24:28 +03:00
return 0
}
2022-04-27 09:00:20 +03:00
function setup_file() {
# verify prerequisites are available
2023-08-30 22:24:28 +03:00
if ! $(verify_prerequisites); then
2022-04-27 09:00:20 +03:00
exit 1
fi
# Setup zot server
zot_root_dir=${BATS_FILE_TMPDIR}/zot
2023-10-02 16:37:21 +03:00
echo ${zot_root_dir} >&3
2022-04-27 09:00:20 +03:00
zot_log_file=${zot_root_dir}/zot-log.json
zot_config_file=${BATS_FILE_TMPDIR}/zot_config.json
2023-10-02 16:37:21 +03:00
zot_htpasswd_file=${BATS_FILE_TMPDIR}/zot_htpasswd
2023-11-15 20:44:31 +02:00
zot_port=$(get_free_port)
echo ${zot_port} > ${BATS_FILE_TMPDIR}/zot.port
2023-10-02 16:37:21 +03:00
htpasswd -Bbn ${AUTH_USER} ${AUTH_PASS} >> ${zot_htpasswd_file}
2023-10-20 10:33:26 +03:00
htpasswd -Bbn ${METRICS_USER} ${METRICS_PASS} >> ${zot_htpasswd_file}
2023-10-02 16:37:21 +03:00
2022-04-27 09:00:20 +03:00
mkdir -p ${zot_root_dir}
touch ${zot_log_file}
cat >${zot_config_file} <<EOF
{
2024-02-20 13:27:21 +02:00
"distSpecVersion": "1.1.0",
2022-04-27 09:00:20 +03:00
"storage": {
"rootDirectory": "${zot_root_dir}"
},
"http": {
"address": "0.0.0.0",
2023-11-15 20:44:31 +02:00
"port": "${zot_port}",
2023-10-02 16:37:21 +03:00
"auth": {
"htpasswd": {
"path": "${zot_htpasswd_file}"
}
2023-10-20 10:33:26 +03:00
},
"accessControl": {
"metrics":{
"users": ["${METRICS_USER}"]
},
"repositories": {
"**": {
"anonymousPolicy": [
"read"
],
"defaultPolicy": ["read","create"]
}
}
2023-10-02 16:37:21 +03:00
}
2022-04-27 09:00:20 +03:00
},
"log": {
"level": "debug",
"output": "${zot_log_file}"
},
"extensions": {
"metrics": {
"enable": true,
"prometheus": {
"path": "/metrics"
}
}
}
}
EOF
2023-08-30 22:24:28 +03:00
zot_serve ${ZOT_PATH} ${zot_config_file}
2023-11-15 20:44:31 +02:00
wait_zot_reachable ${zot_port}
2022-04-27 09:00:20 +03:00
}
2023-09-07 21:06:21 +03:00
function teardown() {
# conditionally printing on failure is possible from teardown but not from from teardown_file
cat ${BATS_FILE_TMPDIR}/zot/zot-log.json
}
2022-04-27 09:00:20 +03:00
function teardown_file() {
2023-08-30 22:24:28 +03:00
zot_stop_all
2022-04-27 09:00:20 +03:00
}
2023-10-02 16:37:21 +03:00
@test "unauthorized request to metrics" {
2023-10-20 10:33:26 +03:00
# anonymous policy: metrics endpoint should not be available
# 401 - http.StatusUnauthorized
2023-11-15 20:44:31 +02:00
zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port`
run metrics_route_check ${zot_port} "" 401
2023-10-02 16:37:21 +03:00
[ "$status" -eq 0 ]
2023-10-20 10:33:26 +03:00
# user is not in htpasswd
2023-11-15 20:44:31 +02:00
run metrics_route_check ${zot_port} "-u unlucky:wrongpass" 401
2023-10-02 16:37:21 +03:00
[ "$status" -eq 0 ]
2023-10-20 10:33:26 +03:00
# proper user/pass tuple from htpasswd, but user not allowed to access metrics
# 403 - http.StatusForbidden
2023-11-15 20:44:31 +02:00
run metrics_route_check ${zot_port} "-u ${AUTH_USER}:${AUTH_PASS}" 403
2023-10-20 10:33:26 +03:00
[ "$status" -eq 0 ]
2022-04-27 09:00:20 +03:00
}
2023-10-02 16:37:21 +03:00
@test "authorized request: metrics enabled" {
2023-11-15 20:44:31 +02:00
zot_port=`cat ${BATS_FILE_TMPDIR}/zot.port`
run metrics_route_check ${zot_port} "-u ${METRICS_USER}:${METRICS_PASS}" 200
2023-10-02 16:37:21 +03:00
[ "$status" -eq 0 ]
}
