use of com.google.cloud.tools.jib.http.TestWebServer in project jib by GoogleContainerTools.
the class RegistryClientTest method setUpAuthServerAndRegistry.
/**
* Sets up an auth server and a registry. The auth server can return a bearer token up to {@code
* maxAuthTokens} times. The registry will initially return "401 Unauthorized" for {@code
* maxTokenResponses} times. (Therefore, a registry client has to get auth tokens from the auth
* server {@code maxAuthTokens} times. After that, the registry returns {@code finalResponse}.
*/
private void setUpAuthServerAndRegistry(int maxAuthTokens, @Nullable String finalResponse) throws IOException, InterruptedException, GeneralSecurityException, URISyntaxException {
String tokenResponse = "HTTP/1.1 200 OK\nContent-Length: 26\n\n{\"token\":\"awesome-token!\"}";
authServer = new TestWebServer(false, Arrays.asList(tokenResponse), maxAuthTokens);
String bearerAuth = "HTTP/1.1 401 Unauthorized\nContent-Length: 0\nWWW-Authenticate: Bearer realm=\"" + authServer.getEndpoint() + "\"\n\n";
List<String> responses = new ArrayList<>(Collections.nCopies(maxAuthTokens, bearerAuth));
if (finalResponse != null) {
responses.add(finalResponse);
}
registry = new TestWebServer(false, responses, responses.size(), true);
}
use of com.google.cloud.tools.jib.http.TestWebServer in project jib by GoogleContainerTools.
the class RegistryClientTest method testAutomaticTokenRefresh_badWwwAuthenticateResponse.
@Test
public void testAutomaticTokenRefresh_badWwwAuthenticateResponse() throws IOException, InterruptedException, GeneralSecurityException, URISyntaxException, RegistryException {
String tokenResponse = "HTTP/1.1 200 OK\nContent-Length: 26\n\n{\"token\":\"awesome-token!\"}";
authServer = new TestWebServer(false, Arrays.asList(tokenResponse), 3);
List<String> responses = Arrays.asList("HTTP/1.1 401 Unauthorized\nContent-Length: 0\nWWW-Authenticate: Bearer realm=\"" + authServer.getEndpoint() + "\"\n\n", "HTTP/1.1 401 Unauthorized\nContent-Length: 0\nWWW-Authenticate: Basic realm=foo\n\n", "HTTP/1.1 401 Unauthorized\nContent-Length: 0\n\n", "HTTP/1.1 200 OK\nContent-Length: 5678\n\n");
registry = new TestWebServer(false, responses, responses.size(), true);
RegistryClient registryClient = createRegistryClient(null);
Assert.assertTrue(registryClient.doPushBearerAuth());
Optional<BlobDescriptor> digestAndSize = registryClient.checkBlob(digest);
Assert.assertEquals(5678, digestAndSize.get().getSize());
// Verify authServer returned bearer token three times (i.e., refreshed twice)
Assert.assertEquals(3, authServer.getTotalResponsesServed());
Assert.assertEquals(4, registry.getTotalResponsesServed());
Mockito.verify(eventHandlers).dispatch(logContains("server did not return 'WWW-Authenticate: Bearer' header. Actual: Basic"));
Mockito.verify(eventHandlers).dispatch(logContains("server did not return 'WWW-Authenticate: Bearer' header. Actual: null"));
}
use of com.google.cloud.tools.jib.http.TestWebServer in project jib by GoogleContainerTools.
the class RegistryClientTest method testAutomaticTokenRefresh_refreshLimit.
@Test
public void testAutomaticTokenRefresh_refreshLimit() throws IOException, InterruptedException, GeneralSecurityException, URISyntaxException, RegistryException {
String tokenResponse = "HTTP/1.1 200 OK\nContent-Length: 26\n\n{\"token\":\"awesome-token!\"}";
authServer = new TestWebServer(false, Arrays.asList(tokenResponse), 5);
String bearerAuth = "HTTP/1.1 401 Unauthorized\nContent-Length: 0\nWWW-Authenticate: Bearer realm=\"" + authServer.getEndpoint() + "\"\n\n";
String unauthorized = "HTTP/1.1 401 Unauthorized\nContent-Length: 0\n\n";
List<String> responses = Arrays.asList(bearerAuth, unauthorized, unauthorized, unauthorized, unauthorized, unauthorized);
registry = new TestWebServer(false, responses, responses.size(), true);
RegistryClient registryClient = createRegistryClient(null);
Assert.assertTrue(registryClient.doPushBearerAuth());
try {
registryClient.checkBlob(digest);
Assert.fail("Should have given up refreshing after 4 attempts");
} catch (RegistryUnauthorizedException ex) {
Assert.assertEquals(401, ex.getHttpResponseException().getStatusCode());
Assert.assertEquals(5, authServer.getTotalResponsesServed());
// 1 response asking to do bearer auth + 4 unauth responses for 4 refresh attempts + 1 final
// unauth response propagated as RegistryUnauthorizedException here
Assert.assertEquals(6, registry.getTotalResponsesServed());
}
}
use of com.google.cloud.tools.jib.http.TestWebServer in project jib by GoogleContainerTools.
the class RegistryClientTest method testAuthPullByWwwAuthenticate_basicAuthRequestedButOAuth2Credential.
@Test
public void testAuthPullByWwwAuthenticate_basicAuthRequestedButOAuth2Credential() throws IOException, InterruptedException, GeneralSecurityException, URISyntaxException, RegistryException {
String blobResponse = "HTTP/1.1 200 OK\nContent-Length: 5678\n\n";
registry = new TestWebServer(false, Arrays.asList(blobResponse), 1);
Credential credential = Credential.from(Credential.OAUTH2_TOKEN_USER_NAME, "pass");
Assert.assertTrue(credential.isOAuth2RefreshToken());
RegistryClient registryClient = createRegistryClient(credential);
registryClient.authPullByWwwAuthenticate("Basic foo");
Optional<BlobDescriptor> digestAndSize = registryClient.checkBlob(digest);
Assert.assertEquals(5678, digestAndSize.get().getSize());
MatcherAssert.assertThat(registry.getInputRead(), CoreMatchers.not(CoreMatchers.containsString("Authorization:")));
}
use of com.google.cloud.tools.jib.http.TestWebServer in project jib by GoogleContainerTools.
the class RegistryClientTest method testPullManifest.
@Test
public void testPullManifest() throws IOException, InterruptedException, GeneralSecurityException, URISyntaxException, RegistryException {
String manifestResponse = "HTTP/1.1 200 OK\nContent-Length: 307\n\n{\n" + " \"schemaVersion\": 2,\n" + " \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n" + " \"config\": {\n" + " \"mediaType\": \"application/vnd.docker.container.image.v1+json\",\n" + " \"size\": 7023,\n" + " \"digest\": \"sha256:b5b2b2c507a0944348e0303114d8d93aaaa081732b86451d9bce1f432a537bc7\"\n" + " }\n" + "}";
registry = new TestWebServer(false, Arrays.asList(manifestResponse), 1);
RegistryClient registryClient = createRegistryClient(null);
ManifestAndDigest<?> manifestAndDigest = registryClient.pullManifest("image-tag");
Assert.assertEquals("sha256:6b61466eabab6e5ffb68ae2bd9b85c789225540c2ac54ea1f71eb327588e8946", manifestAndDigest.getDigest().toString());
Assert.assertTrue(manifestAndDigest.getManifest() instanceof V22ManifestTemplate);
V22ManifestTemplate manifest = (V22ManifestTemplate) manifestAndDigest.getManifest();
Assert.assertEquals(2, manifest.getSchemaVersion());
Assert.assertEquals("application/vnd.docker.distribution.manifest.v2+json", manifest.getManifestMediaType());
Assert.assertEquals("sha256:b5b2b2c507a0944348e0303114d8d93aaaa081732b86451d9bce1f432a537bc7", manifest.getContainerConfiguration().getDigest().toString());
Assert.assertEquals(7023, manifest.getContainerConfiguration().getSize());
MatcherAssert.assertThat(registry.getInputRead(), CoreMatchers.containsString("GET /v2/foo/bar/manifests/image-tag "));
}
Aggregations