Search in sources :

Example 26 with TestWebServer

use of com.google.cloud.tools.jib.http.TestWebServer in project jib by GoogleContainerTools.

the class RegistryClientTest method setUpAuthServerAndRegistry.

/**
 * Sets up an auth server and a registry. The auth server can return a bearer token up to {@code
 * maxAuthTokens} times. The registry will initially return "401 Unauthorized" for {@code
 * maxTokenResponses} times. (Therefore, a registry client has to get auth tokens from the auth
 * server {@code maxAuthTokens} times. After that, the registry returns {@code finalResponse}.
 */
private void setUpAuthServerAndRegistry(int maxAuthTokens, @Nullable String finalResponse) throws IOException, InterruptedException, GeneralSecurityException, URISyntaxException {
    String tokenResponse = "HTTP/1.1 200 OK\nContent-Length: 26\n\n{\"token\":\"awesome-token!\"}";
    authServer = new TestWebServer(false, Arrays.asList(tokenResponse), maxAuthTokens);
    String bearerAuth = "HTTP/1.1 401 Unauthorized\nContent-Length: 0\nWWW-Authenticate: Bearer realm=\"" + authServer.getEndpoint() + "\"\n\n";
    List<String> responses = new ArrayList<>(Collections.nCopies(maxAuthTokens, bearerAuth));
    if (finalResponse != null) {
        responses.add(finalResponse);
    }
    registry = new TestWebServer(false, responses, responses.size(), true);
}
Also used : ArrayList(java.util.ArrayList) TestWebServer(com.google.cloud.tools.jib.http.TestWebServer)

Example 27 with TestWebServer

use of com.google.cloud.tools.jib.http.TestWebServer in project jib by GoogleContainerTools.

the class RegistryClientTest method testAutomaticTokenRefresh_badWwwAuthenticateResponse.

@Test
public void testAutomaticTokenRefresh_badWwwAuthenticateResponse() throws IOException, InterruptedException, GeneralSecurityException, URISyntaxException, RegistryException {
    String tokenResponse = "HTTP/1.1 200 OK\nContent-Length: 26\n\n{\"token\":\"awesome-token!\"}";
    authServer = new TestWebServer(false, Arrays.asList(tokenResponse), 3);
    List<String> responses = Arrays.asList("HTTP/1.1 401 Unauthorized\nContent-Length: 0\nWWW-Authenticate: Bearer realm=\"" + authServer.getEndpoint() + "\"\n\n", "HTTP/1.1 401 Unauthorized\nContent-Length: 0\nWWW-Authenticate: Basic realm=foo\n\n", "HTTP/1.1 401 Unauthorized\nContent-Length: 0\n\n", "HTTP/1.1 200 OK\nContent-Length: 5678\n\n");
    registry = new TestWebServer(false, responses, responses.size(), true);
    RegistryClient registryClient = createRegistryClient(null);
    Assert.assertTrue(registryClient.doPushBearerAuth());
    Optional<BlobDescriptor> digestAndSize = registryClient.checkBlob(digest);
    Assert.assertEquals(5678, digestAndSize.get().getSize());
    // Verify authServer returned bearer token three times (i.e., refreshed twice)
    Assert.assertEquals(3, authServer.getTotalResponsesServed());
    Assert.assertEquals(4, registry.getTotalResponsesServed());
    Mockito.verify(eventHandlers).dispatch(logContains("server did not return 'WWW-Authenticate: Bearer' header. Actual: Basic"));
    Mockito.verify(eventHandlers).dispatch(logContains("server did not return 'WWW-Authenticate: Bearer' header. Actual: null"));
}
Also used : BlobDescriptor(com.google.cloud.tools.jib.blob.BlobDescriptor) TestWebServer(com.google.cloud.tools.jib.http.TestWebServer) Test(org.junit.Test)

Example 28 with TestWebServer

use of com.google.cloud.tools.jib.http.TestWebServer in project jib by GoogleContainerTools.

the class RegistryClientTest method testAutomaticTokenRefresh_refreshLimit.

@Test
public void testAutomaticTokenRefresh_refreshLimit() throws IOException, InterruptedException, GeneralSecurityException, URISyntaxException, RegistryException {
    String tokenResponse = "HTTP/1.1 200 OK\nContent-Length: 26\n\n{\"token\":\"awesome-token!\"}";
    authServer = new TestWebServer(false, Arrays.asList(tokenResponse), 5);
    String bearerAuth = "HTTP/1.1 401 Unauthorized\nContent-Length: 0\nWWW-Authenticate: Bearer realm=\"" + authServer.getEndpoint() + "\"\n\n";
    String unauthorized = "HTTP/1.1 401 Unauthorized\nContent-Length: 0\n\n";
    List<String> responses = Arrays.asList(bearerAuth, unauthorized, unauthorized, unauthorized, unauthorized, unauthorized);
    registry = new TestWebServer(false, responses, responses.size(), true);
    RegistryClient registryClient = createRegistryClient(null);
    Assert.assertTrue(registryClient.doPushBearerAuth());
    try {
        registryClient.checkBlob(digest);
        Assert.fail("Should have given up refreshing after 4 attempts");
    } catch (RegistryUnauthorizedException ex) {
        Assert.assertEquals(401, ex.getHttpResponseException().getStatusCode());
        Assert.assertEquals(5, authServer.getTotalResponsesServed());
        // 1 response asking to do bearer auth + 4 unauth responses for 4 refresh attempts + 1 final
        // unauth response propagated as RegistryUnauthorizedException here
        Assert.assertEquals(6, registry.getTotalResponsesServed());
    }
}
Also used : RegistryUnauthorizedException(com.google.cloud.tools.jib.api.RegistryUnauthorizedException) TestWebServer(com.google.cloud.tools.jib.http.TestWebServer) Test(org.junit.Test)

Example 29 with TestWebServer

use of com.google.cloud.tools.jib.http.TestWebServer in project jib by GoogleContainerTools.

the class RegistryClientTest method testAuthPullByWwwAuthenticate_basicAuthRequestedButOAuth2Credential.

@Test
public void testAuthPullByWwwAuthenticate_basicAuthRequestedButOAuth2Credential() throws IOException, InterruptedException, GeneralSecurityException, URISyntaxException, RegistryException {
    String blobResponse = "HTTP/1.1 200 OK\nContent-Length: 5678\n\n";
    registry = new TestWebServer(false, Arrays.asList(blobResponse), 1);
    Credential credential = Credential.from(Credential.OAUTH2_TOKEN_USER_NAME, "pass");
    Assert.assertTrue(credential.isOAuth2RefreshToken());
    RegistryClient registryClient = createRegistryClient(credential);
    registryClient.authPullByWwwAuthenticate("Basic foo");
    Optional<BlobDescriptor> digestAndSize = registryClient.checkBlob(digest);
    Assert.assertEquals(5678, digestAndSize.get().getSize());
    MatcherAssert.assertThat(registry.getInputRead(), CoreMatchers.not(CoreMatchers.containsString("Authorization:")));
}
Also used : Credential(com.google.cloud.tools.jib.api.Credential) BlobDescriptor(com.google.cloud.tools.jib.blob.BlobDescriptor) TestWebServer(com.google.cloud.tools.jib.http.TestWebServer) Test(org.junit.Test)

Example 30 with TestWebServer

use of com.google.cloud.tools.jib.http.TestWebServer in project jib by GoogleContainerTools.

the class RegistryClientTest method testPullManifest.

@Test
public void testPullManifest() throws IOException, InterruptedException, GeneralSecurityException, URISyntaxException, RegistryException {
    String manifestResponse = "HTTP/1.1 200 OK\nContent-Length: 307\n\n{\n" + "    \"schemaVersion\": 2,\n" + "    \"mediaType\": \"application/vnd.docker.distribution.manifest.v2+json\",\n" + "    \"config\": {\n" + "        \"mediaType\": \"application/vnd.docker.container.image.v1+json\",\n" + "        \"size\": 7023,\n" + "        \"digest\": \"sha256:b5b2b2c507a0944348e0303114d8d93aaaa081732b86451d9bce1f432a537bc7\"\n" + "    }\n" + "}";
    registry = new TestWebServer(false, Arrays.asList(manifestResponse), 1);
    RegistryClient registryClient = createRegistryClient(null);
    ManifestAndDigest<?> manifestAndDigest = registryClient.pullManifest("image-tag");
    Assert.assertEquals("sha256:6b61466eabab6e5ffb68ae2bd9b85c789225540c2ac54ea1f71eb327588e8946", manifestAndDigest.getDigest().toString());
    Assert.assertTrue(manifestAndDigest.getManifest() instanceof V22ManifestTemplate);
    V22ManifestTemplate manifest = (V22ManifestTemplate) manifestAndDigest.getManifest();
    Assert.assertEquals(2, manifest.getSchemaVersion());
    Assert.assertEquals("application/vnd.docker.distribution.manifest.v2+json", manifest.getManifestMediaType());
    Assert.assertEquals("sha256:b5b2b2c507a0944348e0303114d8d93aaaa081732b86451d9bce1f432a537bc7", manifest.getContainerConfiguration().getDigest().toString());
    Assert.assertEquals(7023, manifest.getContainerConfiguration().getSize());
    MatcherAssert.assertThat(registry.getInputRead(), CoreMatchers.containsString("GET /v2/foo/bar/manifests/image-tag "));
}
Also used : V22ManifestTemplate(com.google.cloud.tools.jib.image.json.V22ManifestTemplate) TestWebServer(com.google.cloud.tools.jib.http.TestWebServer) Test(org.junit.Test)

Aggregations

TestWebServer (com.google.cloud.tools.jib.http.TestWebServer)30 Test (org.junit.Test)26 BlobDescriptor (com.google.cloud.tools.jib.blob.BlobDescriptor)12 Credential (com.google.cloud.tools.jib.api.Credential)2 RegistryAuthenticationFailedException (com.google.cloud.tools.jib.api.RegistryAuthenticationFailedException)2 RegistryUnauthorizedException (com.google.cloud.tools.jib.api.RegistryUnauthorizedException)2 FailoverHttpClient (com.google.cloud.tools.jib.http.FailoverHttpClient)2 V22ManifestListTemplate (com.google.cloud.tools.jib.image.json.V22ManifestListTemplate)2 V22ManifestTemplate (com.google.cloud.tools.jib.image.json.V22ManifestTemplate)2 ArrayList (java.util.ArrayList)2 Before (org.junit.Before)2