Skip to content

Commit

Permalink
e2e: schema2 config test amendments
Browse files Browse the repository at this point in the history 
- Quote process expansions.
- Use braces for variable expansions (e.g. ${var}).
- Wrap variable expandions with quotes.

Signed-off-by: Michal Minář <[email protected]>
  • Loading branch information
Michal Minář committed Sep 6, 2016
1 parent 7f59726 commit 4f82de9
Show file tree
Hide file tree
Showing 2 changed files with 38 additions and 35 deletions.
6 changes: 3 additions & 3 deletions hack/util.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -660,11 +660,11 @@ function install_registry() {
readonly -f install_registry

function wait_for_registry() {
local generation=$(oc get dc/docker-registry -o jsonpath='{.metadata.generation}')
local generation="$(oc get dc/docker-registry -o 'jsonpath={.metadata.generation}')"
local onereplicajs='{.status.observedGeneration},{.status.replicas},{.status.updatedReplicas},{.status.availableReplicas}'
wait_for_command "oc get dc/docker-registry -o jsonpath='$onereplicajs' --config='${ADMIN_KUBECONFIG}' | grep '^$generation,1,1,1$'" $((5*TIME_MIN))
wait_for_command "oc get dc/docker-registry -o 'jsonpath=${onereplicajs}' --config='${ADMIN_KUBECONFIG}' | grep '^${generation},1,1,1$'" "$((5*TIME_MIN))"
local readyjs='{.items[*].status.conditions[?(@.type=="Ready")].status}'
wait_for_command "oc get pod -l deploymentconfig=docker-registry -o jsonpath='$readyjs' --config='${ADMIN_KUBECONFIG}' | grep -qi true" $TIME_MIN
wait_for_command "oc get pod -l deploymentconfig=docker-registry -o 'jsonpath=${readyjs}' --config='${ADMIN_KUBECONFIG}' | grep -qi true" "${TIME_MIN}"
}
readonly -f wait_for_registry

Expand Down
67 changes: 35 additions & 32 deletions test/end-to-end/core.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ os::cmd::expect_success 'oc status -n default'

# check to make sure a project admin can push an image to an image stream that doesn't exist
os::cmd::expect_success 'oc project cache'
e2e_user_token=$(oc whoami -t)
e2e_user_token="$(oc whoami -t)"

echo "[INFO] Docker login as e2e-user to ${DOCKER_REGISTRY}"
os::cmd::expect_success "docker login -u e2e-user -p ${e2e_user_token} -e [email protected] ${DOCKER_REGISTRY}"
Expand All @@ -129,10 +129,10 @@ os::cmd::expect_success "docker push ${DOCKER_REGISTRY}/cache/ruby-22-centos7:la
echo "[INFO] Pushed ruby-22-centos7"

# get image's digest
rubyimagedigest=$(oc get -o jsonpath='{.status.tags[?(@.tag=="latest")].items[0].image}' is/ruby-22-centos7)
rubyimagedigest="$(oc get -o jsonpath='{.status.tags[?(@.tag=="latest")].items[0].image}' is/ruby-22-centos7)"
echo "[INFO] Ruby image digest: $rubyimagedigest"
# get a random, non-empty blob
rubyimageblob=$(oc get isimage -o go-template='{{range .image.dockerImageLayers}}{{if gt .size 1024.}}{{.name}},{{end}}{{end}}' ruby-22-centos7@${rubyimagedigest} | cut -d , -f 1)
rubyimageblob="$(oc get isimage -o go-template='{{range .image.dockerImageLayers}}{{if gt .size 1024.}}{{.name}},{{end}}{{end}}' ruby-22-centos7@${rubyimagedigest} | cut -d , -f 1)"
echo "[INFO] Ruby's testing blob digest: $rubyimageblob"

# verify remote images can be pulled directly from the local registry
Expand Down Expand Up @@ -170,7 +170,7 @@ echo "[INFO] Cross namespace pull successful"

# verify we can pull from tagged image (using image digest)
remove_docker_images "${DOCKER_REGISTRY}/custom/cross" namespace-pull
imagedigest=$(oc get istag hello-world:latest --template={{.image.metadata.name}})
imagedigest="$(oc get istag hello-world:latest --template='{{.image.metadata.name}}')"
echo "[INFO] Tagging hello-world@${imagedigest} to the same image stream and pulling it"
os::cmd::expect_success "oc tag hello-world@${imagedigest} hello-world:new-id-tag"
os::cmd::expect_success "docker pull ${DOCKER_REGISTRY}/cache/hello-world:new-id-tag"
Expand All @@ -197,26 +197,26 @@ echo "[INFO] Cross namespace pull successful"
os::cmd::expect_success 'oc login -u schema2-user -p pass'
os::cmd::expect_success "oc new-project schema2"
os::cmd::expect_success "oc project schema2"
schema2_user_token=$(oc whoami -t)
schema2_user_token="$(oc whoami -t)"

echo "[INFO] Fetch manifest V2 schema 2 image with old client using pullthrough"
os::cmd::expect_success "oc import-image --confirm --from=hello-world:latest hello-world:pullthrough"
os::cmd::expect_success_and_text "oc get -o jsonpath='{.image.dockerImageManifestMediaType}' istag hello-world:pullthrough" 'application/vnd\.docker\.distribution\.manifest\.v2\+json'
hello_world_name=$(oc get -o 'jsonpath={.image.metadata.name}' istag hello-world:pullthrough)
os::cmd::expect_success_and_text "echo ${hello_world_name:-}" '.+'
hello_world_name="$(oc get -o 'jsonpath={.image.metadata.name}' istag hello-world:pullthrough)"
os::cmd::expect_success_and_text "echo '${hello_world_name}'" '.+'
# dockerImageManifest is retrievable only with "images" resource
hello_world_config_name=$(oc get -o 'jsonpath={.dockerImageManifest}' image "$hello_world_name" --context="$CLUSTER_ADMIN_CONTEXT" | jq -r '.config.digest')
hello_world_config_image=$(oc get -o 'jsonpath={.image.dockerImageConfig}' istag hello-world:pullthrough | jq -r '.container_config.Image')
os::cmd::expect_success_and_text "echo ${hello_world_config_name:-},${hello_world_config_image:-}" '.+,.+'
hello_world_config_name="$(oc get -o 'jsonpath={.dockerImageManifest}' image "${hello_world_name}" --context="${CLUSTER_ADMIN_CONTEXT}" | jq -r '.config.digest')"
hello_world_config_image="$(oc get -o 'jsonpath={.image.dockerImageConfig}' istag hello-world:pullthrough | jq -r '.container_config.Image')"
os::cmd::expect_success_and_text "echo '${hello_world_config_name},${hello_world_config_image}'" '.+,.+'
# verify we can fetch the config
os::cmd::expect_success_and_text "curl -u 'schema2-user:${schema2_user_token}' -v -s -o ${ARTIFACT_DIR}/hello-world-config.json ${DOCKER_REGISTRY}/v2/schema2/hello-world/blobs/${hello_world_config_name} 2>&1" "Docker-Content-Digest:\s*${hello_world_config_name}"
os::cmd::expect_success_and_text "jq -r '.container_config.Image' ${ARTIFACT_DIR}/hello-world-config.json" "${hello_world_config_image}"
os::cmd::expect_success_and_text "curl -u 'schema2-user:${schema2_user_token}' -v -s -o '${ARTIFACT_DIR}/hello-world-config.json' '${DOCKER_REGISTRY}/v2/schema2/hello-world/blobs/${hello_world_config_name}' 2>&1" "Docker-Content-Digest:\s*${hello_world_config_name}"
os::cmd::expect_success_and_text "jq -r '.container_config.Image' '${ARTIFACT_DIR}/hello-world-config.json'" "${hello_world_config_image}"
# no accept header provided, the registry will convert schema 2 to schema 1 on-the-fly
hello_world_schema1_digest=$(curl -u schema2-user:${schema2_user_token} -s -v -o ${ARTIFACT_DIR}/hello-world-manifest.json ${DOCKER_REGISTRY}/v2/schema2/hello-world/manifests/pullthrough |& sed -n 's/.*Docker-Content-Digest:\s*\(\S\+\).*/\1/p')
hello_world_schema1_digest="$(curl -u "schema2-user:${schema2_user_token}" -s -v -o "${ARTIFACT_DIR}/hello-world-manifest.json" "${DOCKER_REGISTRY}/v2/schema2/hello-world/manifests/pullthrough" |& sed -n 's/.*Docker-Content-Digest:\s*\(\S\+\).*/\1/p')"
# ensure the manifest was converted to schema 1
os::cmd::expect_success_and_text "jq -r '.schemaVersion' ${ARTIFACT_DIR}/hello-world-manifest.json" '^1$'
os::cmd::expect_success_and_not_text "echo '${hello_world_schema1_digest:-}'" "${hello_world_name:-}"
os::cmd::expect_success_and_text "echo '${hello_world_schema1_digest:-}'" ".+"
os::cmd::expect_success_and_not_text "echo '${hello_world_schema1_digest}'" "${hello_world_name}"
os::cmd::expect_success_and_text "echo '${hello_world_schema1_digest}'" ".+"
os::cmd::expect_success_and_text "curl -I -u 'schema2-user:${schema2_user_token}' '${DOCKER_REGISTRY}/v2/schema2/hello-world/manifests/${hello_world_schema1_digest}'" "404 Not Found"
echo "[INFO] Manifest V2 schema 2 image fetched successfully with old client"

Expand All @@ -227,7 +227,7 @@ os::cmd::expect_success_and_text 'oc whoami' 'system:admin'
# check to make sure an image-pusher can push an image
os::cmd::expect_success 'oc policy add-role-to-user system:image-pusher -n cache pusher'
os::cmd::expect_success 'oc login -u pusher -p pass'
pusher_token=$(oc whoami -t)
pusher_token="$(oc whoami -t)"

echo "[INFO] Docker login as pusher to ${DOCKER_REGISTRY}"
os::cmd::expect_success "docker login -u e2e-user -p ${pusher_token} -e [email protected] ${DOCKER_REGISTRY}"
Expand All @@ -248,10 +248,12 @@ os::cmd::expect_success 'oc policy add-role-to-user system:image-puller system:a
os::cmd::try_until_text 'oc policy who-can get imagestreams/layers -n custom' 'system:anonymous'
os::cmd::expect_success "docker pull ${DOCKER_REGISTRY}/custom/cross:namespace-pull"
os::cmd::expect_success "docker pull ${DOCKER_REGISTRY}/custom/cross:namespace-pull-id"
# unauthorized pushes return authorization errors, regardless of backing data
os::cmd::expect_failure_and_text "docker push ${DOCKER_REGISTRY}/missing/image:tag" "authentication required|not authorized"
os::cmd::expect_failure_and_text "docker push ${DOCKER_REGISTRY}/custom/cross:namespace-pull" "authentication required|not authorized"
os::cmd::expect_failure_and_text "docker push ${DOCKER_REGISTRY}/custom/cross:namespace-pull-id" "authentication required|not authorized"
# unauthorized pushes return authorization errors, regardless of backing data; error messages differ with each docker version
# docker 1.9: not authorized
# docker 1.10: authentication required
os::cmd::expect_failure_and_text "docker push ${DOCKER_REGISTRY}/missing/image:tag" "not authorized|authentication required"
os::cmd::expect_failure_and_text "docker push ${DOCKER_REGISTRY}/custom/cross:namespace-pull" "not authorized|authentication required"
os::cmd::expect_failure_and_text "docker push ${DOCKER_REGISTRY}/custom/cross:namespace-pull-id" "not authorized|authentication required"
# test anonymous pushes
os::cmd::expect_success 'oc policy add-role-to-user system:image-pusher system:anonymous -n custom'
os::cmd::try_until_text 'oc policy who-can update imagestreams/layers -n custom' 'system:anonymous'
Expand Down Expand Up @@ -510,8 +512,9 @@ os::cmd::expect_success "oc exec -p ${registry_pod} du /registry > '${LOG_DIR}/p
os::cmd::expect_code "diff ${LOG_DIR}/prune-images.before.txt ${LOG_DIR}/prune-images.after.txt" 1
echo "[INFO] Validated image pruning"

# with registry's re-deployment we loose all the blobs stored in its storage until now
echo "[INFO] Configure registry to accept manifest V2 schema 2"
os::cmd::expect_success "oc project ${CLUSTER_ADMIN_CONTEXT}"
os::cmd::expect_success "oc project '${CLUSTER_ADMIN_CONTEXT}'"
os::cmd::expect_success 'oc env -n default dc/docker-registry REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ACCEPTSCHEMA2=true'
wait_for_registry
echo "[INFO] Registry configured to accept manifest V2 schema 2"
Expand All @@ -521,7 +524,7 @@ os::cmd::expect_success "oc login -u schema2-user -p pass"
os::cmd::expect_success "oc project schema2"
# tagging remote docker.io/busybox image
os::cmd::expect_success "docker tag busybox '${DOCKER_REGISTRY}/schema2/busybox'"
os::cmd::expect_success "docker login -u e2e-user -p ${schema2_user_token} -e [email protected] ${DOCKER_REGISTRY}"
os::cmd::expect_success "docker login -u e2e-user -p '${schema2_user_token}' -e [email protected] '${DOCKER_REGISTRY}'"
os::cmd::expect_success "docker push '${DOCKER_REGISTRY}/schema2/busybox'"
# image accepted as schema 2
os::cmd::expect_success_and_text "oc get -o jsonpath='{.image.dockerImageManifestMediaType}' istag busybox:latest" 'application/vnd\.docker\.distribution\.manifest\.v2\+json'
Expand All @@ -531,24 +534,24 @@ echo "[INFO] Convert manifest V2 schema 2 to schema 1 for older client"
os::cmd::expect_success 'oc login -u schema2-user -p pass'
os::cmd::expect_success "oc new-project schema2tagged"
os::cmd::expect_success "oc tag --source=istag schema2/busybox:latest busybox:latest"
busybox_name=$(oc get -o 'jsonpath={.image.metadata.name}' istag busybox:latest)
os::cmd::expect_success_and_text "echo ${busybox_name:-}" '.+'
busybox_name="$(oc get -o 'jsonpath={.image.metadata.name}' istag busybox:latest)"
os::cmd::expect_success_and_text "echo '${busybox_name}'" '.+'
# no accept header provided, registry converts on-the-fly to schema 1
busybox_schema1_digest=$(curl -u "schema2-user:${schema2_user_token}" -s -v -o ${ARTIFACT_DIR}/busybox-manifest.json ${DOCKER_REGISTRY}/v2/schema2tagged/busybox/manifests/latest |& sed -n 's/.*Docker-Content-Digest:\s*\(\S\+\).*/\1/p')
busybox_schema1_digest="$(curl -u "schema2-user:${schema2_user_token}" -s -v -o "${ARTIFACT_DIR}/busybox-manifest.json" "${DOCKER_REGISTRY}/v2/schema2tagged/busybox/manifests/latest" |& sed -n 's/.*Docker-Content-Digest:\s*\(\S\+\).*/\1/p')"
# ensure the manifest was converted to schema 1
os::cmd::expect_success_and_text "jq -r '.schemaVersion' ${ARTIFACT_DIR}/busybox-manifest.json" '^1$'
os::cmd::expect_success_and_not_text "echo '${busybox_schema1_digest:-}'" "${busybox_name:-}"
os::cmd::expect_success_and_text "echo '${busybox_schema1_digest:-}'" ".+"
os::cmd::expect_success_and_text "jq -r '.schemaVersion' '${ARTIFACT_DIR}/busybox-manifest.json'" '^1$'
os::cmd::expect_success_and_not_text "echo '${busybox_schema1_digest}'" "${busybox_name}"
os::cmd::expect_success_and_text "echo '${busybox_schema1_digest}'" ".+"
# schema 1 is generated on-the-fly, it's not stored in the registry, thus Not Found
os::cmd::expect_success_and_text "curl -I -u 'schema2-user:${schema2_user_token}' '${DOCKER_REGISTRY}/v2/schema2tagged/busybox/manifests/${busybox_schema1_digest}'" "404 Not Found"
# ensure we can fetch it back as schema 2
os::cmd::expect_success_and_text "curl -I -u 'schema2-user:${schema2_user_token}' -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' ${DOCKER_REGISTRY}/v2/schema2tagged/busybox/manifests/latest" "Docker-Content-Digest:\s*${busybox_name}"
os::cmd::expect_success_and_text "curl -I -u 'schema2-user:${schema2_user_token}' -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' '${DOCKER_REGISTRY}/v2/schema2tagged/busybox/manifests/latest'" "Docker-Content-Digest:\s*${busybox_name}"
echo "[INFO] Manifest V2 schema 2 successfully converted to schema 1"

echo "[INFO] Verify image size calculation"
busybox_expected_size=$(oc get -o jsonpath='{.dockerImageManifest}' image ${busybox_name} --context="${CLUSTER_ADMIN_CONTEXT}" | jq -r '[.. | .size?] | add')
busybox_calculated_size=$(oc get -o go-template='{{.dockerImageMetadata.Size}}' image ${busybox_name} --context="${CLUSTER_ADMIN_CONTEXT}")
os::cmd::expect_success_and_text "echo ${busybox_expected_size:-}:${busybox_calculated_size:-}" '^[1-9][0-9]*:[1-9][0-9]*$'
busybox_expected_size="$(oc get -o 'jsonpath={.dockerImageManifest}' image "${busybox_name}" --context="${CLUSTER_ADMIN_CONTEXT}" | jq -r '[.. | .size?] | add')"
busybox_calculated_size="$(oc get -o go-template='{{.dockerImageMetadata.Size}}' image "${busybox_name}" --context="${CLUSTER_ADMIN_CONTEXT}")"
os::cmd::expect_success_and_text "echo '${busybox_expected_size}:${busybox_calculated_size}'" '^[1-9][0-9]*:[1-9][0-9]*$'
os::cmd::expect_success_and_text "echo '${busybox_expected_size}'" "${busybox_calculated_size}"
echo "[INFO] Image size matches"

Expand Down

0 comments on commit 4f82de9

Please sign in to comment.