mirror of
https://github.com/lfkeitel/docker-registry-auth.git
synced 2025-04-19 00:24:02 +03:00
374 lines
7.7 KiB
Go
374 lines
7.7 KiB
Go
package dockerauth
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
)
|
|
|
|
var scopeTests = []struct {
|
|
test string
|
|
access *AccessControl
|
|
}{
|
|
{
|
|
test: "repository:pull,push",
|
|
access: nil,
|
|
},
|
|
{
|
|
test: "repository:alpine:pull",
|
|
access: &AccessControl{
|
|
Type: "repository",
|
|
Name: "alpine",
|
|
Actions: []string{"pull"},
|
|
},
|
|
},
|
|
{
|
|
test: "repository:test/image:pull,push",
|
|
access: &AccessControl{
|
|
Type: "repository",
|
|
Name: "test/image",
|
|
Actions: []string{"pull", "push"},
|
|
},
|
|
},
|
|
{
|
|
test: "repository:example.com:5000/test/image:pull,push",
|
|
access: &AccessControl{
|
|
Type: "repository",
|
|
Name: "example.com:5000/test/image",
|
|
Actions: []string{"pull", "push"},
|
|
},
|
|
},
|
|
}
|
|
|
|
func TestScopeParse(t *testing.T) {
|
|
for _, testCase := range scopeTests {
|
|
a := parseScope(testCase.test)
|
|
equals(t, a, testCase.access)
|
|
}
|
|
}
|
|
|
|
var actionListTests = []struct {
|
|
init []string
|
|
equal *actionList
|
|
expected []string
|
|
}{
|
|
{
|
|
init: []string{},
|
|
equal: &actionList{},
|
|
expected: []string{},
|
|
},
|
|
{
|
|
init: []string{"pull"},
|
|
equal: &actionList{pull: true},
|
|
expected: []string{"pull"},
|
|
},
|
|
{
|
|
init: []string{"something"},
|
|
equal: &actionList{},
|
|
expected: []string{},
|
|
},
|
|
{
|
|
init: []string{"pull", "push"},
|
|
equal: &actionList{pull: true, push: true},
|
|
expected: []string{"pull", "push"},
|
|
},
|
|
{
|
|
init: []string{"push", "pull"},
|
|
equal: &actionList{pull: true, push: true},
|
|
expected: []string{"pull", "push"},
|
|
},
|
|
{
|
|
init: []string{"pull", "push", "*"},
|
|
equal: &actionList{pull: true, push: true, star: true},
|
|
expected: []string{"pull", "push", "*"},
|
|
},
|
|
}
|
|
|
|
func TestActionList(t *testing.T) {
|
|
for _, test := range actionListTests {
|
|
al := newActionList(test.init)
|
|
equals(t, al, test.equal)
|
|
equals(t, al.toSlice(), test.expected)
|
|
}
|
|
}
|
|
|
|
var actionListAddTests = []struct {
|
|
init []string
|
|
add []string
|
|
expected *actionList
|
|
}{
|
|
{
|
|
init: []string{},
|
|
add: []string{},
|
|
expected: &actionList{},
|
|
},
|
|
{
|
|
init: []string{"pull"},
|
|
add: []string{},
|
|
expected: &actionList{pull: true},
|
|
},
|
|
{
|
|
init: []string{},
|
|
add: []string{"push"},
|
|
expected: &actionList{push: true},
|
|
},
|
|
{
|
|
init: []string{"pull"},
|
|
add: []string{"push"},
|
|
expected: &actionList{pull: true, push: true},
|
|
},
|
|
{
|
|
init: []string{"push"},
|
|
add: []string{"*"},
|
|
expected: &actionList{push: true, star: true},
|
|
},
|
|
}
|
|
|
|
func TestActionListAddSlice(t *testing.T) {
|
|
for _, test := range actionListAddTests {
|
|
al := newActionList(test.init)
|
|
al.addSlice(test.add)
|
|
equals(t, al, test.expected)
|
|
}
|
|
}
|
|
|
|
func TestActionListAdd(t *testing.T) {
|
|
for _, test := range actionListAddTests {
|
|
al := newActionList(test.init)
|
|
for _, action := range test.add {
|
|
al.add(action)
|
|
}
|
|
equals(t, al, test.expected)
|
|
}
|
|
}
|
|
|
|
var actionListIntersectionTests = []struct {
|
|
a1 *actionList
|
|
a2 *actionList
|
|
intersect *actionList
|
|
}{
|
|
{
|
|
a1: &actionList{},
|
|
a2: &actionList{},
|
|
intersect: &actionList{},
|
|
},
|
|
{
|
|
a1: &actionList{push: true},
|
|
a2: &actionList{},
|
|
intersect: &actionList{},
|
|
},
|
|
{
|
|
a1: &actionList{},
|
|
a2: &actionList{push: true},
|
|
intersect: &actionList{},
|
|
},
|
|
{
|
|
a1: &actionList{push: true},
|
|
a2: &actionList{pull: true, push: true},
|
|
intersect: &actionList{push: true},
|
|
},
|
|
{
|
|
a1: &actionList{push: true, star: true},
|
|
a2: &actionList{pull: true, push: true, star: true},
|
|
intersect: &actionList{push: true, star: true},
|
|
},
|
|
}
|
|
|
|
func TestActionListIntersect(t *testing.T) {
|
|
for _, test := range actionListIntersectionTests {
|
|
al := test.a1.intersect(test.a2)
|
|
equals(t, al, test.intersect)
|
|
}
|
|
}
|
|
|
|
var aclFilterTests = []struct {
|
|
start []*AccessControl
|
|
repo string
|
|
expected []*AccessControl
|
|
}{
|
|
{
|
|
start: []*AccessControl{
|
|
{Name: "alpine"},
|
|
{Name: "namespace/project"},
|
|
},
|
|
repo: "alpine",
|
|
expected: []*AccessControl{
|
|
{Name: "alpine"},
|
|
},
|
|
},
|
|
{
|
|
start: []*AccessControl{
|
|
{Name: "alpine"},
|
|
{Name: "namespace/project"},
|
|
},
|
|
repo: "namespace/project",
|
|
expected: []*AccessControl{
|
|
{Name: "namespace/project"},
|
|
},
|
|
},
|
|
{
|
|
start: []*AccessControl{
|
|
{Name: "alpine"},
|
|
{Name: "namespace/project"},
|
|
{Name: "namespace/*"},
|
|
},
|
|
repo: "namespace/project",
|
|
expected: []*AccessControl{
|
|
{Name: "namespace/project"},
|
|
{Name: "namespace/*"},
|
|
},
|
|
},
|
|
{
|
|
start: []*AccessControl{
|
|
{Name: "alpine"},
|
|
{Name: "*"},
|
|
},
|
|
repo: "namespace/project",
|
|
expected: []*AccessControl{},
|
|
},
|
|
{
|
|
start: []*AccessControl{
|
|
{Name: "alpine"},
|
|
{Name: "**"},
|
|
},
|
|
repo: "namespace/project",
|
|
expected: []*AccessControl{
|
|
{Name: "**"},
|
|
},
|
|
},
|
|
}
|
|
|
|
func TestACLRepoFilter(t *testing.T) {
|
|
a := &Authenticator{}
|
|
|
|
for _, test := range aclFilterTests {
|
|
f := a.filterRepository(test.start, test.repo)
|
|
equals(t, f, test.expected)
|
|
}
|
|
}
|
|
|
|
var checkIPTests = []struct {
|
|
ip string
|
|
acls []*AccessControl
|
|
expected bool
|
|
}{
|
|
{
|
|
ip: "127.0.0.1",
|
|
acls: []*AccessControl{
|
|
&AccessControl{IP: "*"},
|
|
},
|
|
expected: true,
|
|
},
|
|
{
|
|
ip: "127.0.0.1",
|
|
acls: []*AccessControl{
|
|
&AccessControl{IP: "127.0.0.*"},
|
|
},
|
|
expected: true,
|
|
},
|
|
{
|
|
ip: "128.0.0.1",
|
|
acls: []*AccessControl{
|
|
&AccessControl{IP: "127.0.0.*"},
|
|
},
|
|
expected: false,
|
|
},
|
|
}
|
|
|
|
func TestACLIPFilter(t *testing.T) {
|
|
a := &Authenticator{}
|
|
|
|
for _, test := range checkIPTests {
|
|
r, _ := http.NewRequest("", "", nil)
|
|
r.RemoteAddr = test.ip
|
|
|
|
check := a.checkIPAddress(r, test.acls)
|
|
assert(t, check == test.expected,
|
|
"IP address check error. Got %t, expected %t",
|
|
check, test.expected)
|
|
}
|
|
}
|
|
|
|
func TestACLIPFilterHeader(t *testing.T) {
|
|
a := &Authenticator{}
|
|
|
|
for _, test := range checkIPTests {
|
|
r, _ := http.NewRequest("", "", nil)
|
|
r.Header.Set(http.CanonicalHeaderKey("X-Real-IP"), test.ip)
|
|
|
|
check := a.checkIPAddress(r, test.acls)
|
|
assert(t, check == test.expected,
|
|
"IP address check error. Got %t, expected %t",
|
|
check, test.expected)
|
|
}
|
|
}
|
|
|
|
var aclCompareTests = []struct {
|
|
acls []*AccessControl
|
|
req *AccessControl
|
|
result *AccessControl
|
|
}{
|
|
{
|
|
acls: nil,
|
|
req: &AccessControl{Actions: []string{"push"}},
|
|
result: &AccessControl{Actions: []string{}},
|
|
},
|
|
{
|
|
acls: []*AccessControl{},
|
|
req: &AccessControl{Actions: []string{"push"}},
|
|
result: &AccessControl{Actions: []string{}},
|
|
},
|
|
{
|
|
acls: []*AccessControl{
|
|
&AccessControl{Actions: []string{"push"}},
|
|
},
|
|
req: &AccessControl{Actions: []string{"push"}},
|
|
result: &AccessControl{Actions: []string{"push"}},
|
|
},
|
|
{
|
|
acls: []*AccessControl{
|
|
&AccessControl{Actions: []string{"pull", "push"}},
|
|
},
|
|
req: &AccessControl{Actions: []string{"push"}},
|
|
result: &AccessControl{Actions: []string{"push"}},
|
|
},
|
|
{
|
|
acls: []*AccessControl{
|
|
&AccessControl{Actions: []string{"push"}},
|
|
},
|
|
req: &AccessControl{Actions: []string{"pull", "push"}},
|
|
result: &AccessControl{Actions: []string{"push"}},
|
|
},
|
|
{
|
|
acls: []*AccessControl{
|
|
&AccessControl{Actions: []string{"pull", "push"}},
|
|
},
|
|
req: &AccessControl{Actions: []string{"pull", "push"}},
|
|
result: &AccessControl{Actions: []string{"pull", "push"}},
|
|
},
|
|
{
|
|
acls: []*AccessControl{
|
|
&AccessControl{Actions: []string{"pull"}},
|
|
&AccessControl{Actions: []string{"push"}},
|
|
},
|
|
req: &AccessControl{Actions: []string{"pull", "push"}},
|
|
result: &AccessControl{Actions: []string{"pull", "push"}},
|
|
},
|
|
{
|
|
acls: []*AccessControl{
|
|
&AccessControl{Actions: []string{"pull"}},
|
|
&AccessControl{Actions: []string{"pull"}},
|
|
},
|
|
req: &AccessControl{Actions: []string{"pull", "push"}},
|
|
result: &AccessControl{Actions: []string{"pull"}},
|
|
},
|
|
}
|
|
|
|
func TestCompareACLs(t *testing.T) {
|
|
a := &Authenticator{}
|
|
|
|
for _, test := range aclCompareTests {
|
|
res := a.compareACLS(test.acls, test.req)
|
|
equals(t, res, test.result)
|
|
}
|
|
}
|