distribution/contrib/docker-integration/tls.bats
Aaron Lehmann 1368e2ac53 Change run_multiversion.sh to get Docker engine versions from dind container
This is much better than downloading the builds with curl, because
Docker is intelligent about only pulling what it needs.

We use tagged versions of dind for the released version, and dind-master
for a master build.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-30 15:39:19 -07:00

103 lines
2.7 KiB
Bash

# Registry host name, should be set to non-localhost address and match
# DNS name in nginx/ssl certificates and what is installed in /etc/docker/cert.d
hostname="localregistry"
image="hello-world:latest"
# Login information, should match values in nginx/test.passwd
user="testuser"
password="passpassword"
email="distribution@docker.com"
function setup() {
docker pull $image
}
# skip basic auth tests with Docker 1.6, where they don't pass due to
# certificate issues
function basic_auth_version_check() {
run sh -c 'docker version | fgrep -q "Client version: 1.6."'
if [ "$status" -eq 0 ]; then
skip "Basic auth tests don't support 1.6.x"
fi
}
# has_digest enforces the last output line is "Digest: sha256:..."
# the input is the name of the array containing the output lines
function has_digest() {
filtered=$(echo "$1" |sed -rn '/[dD]igest\: sha(256|384|512)/ p')
[ "$filtered" != "" ]
}
function login() {
run docker login -u $user -p $password -e $email $1
[ "$status" -eq 0 ]
# First line is WARNING about credential save
[ "${lines[1]}" = "Login Succeeded" ]
}
@test "Test valid certificates" {
docker tag -f $image $hostname:5440/$image
run docker push $hostname:5440/$image
[ "$status" -eq 0 ]
has_digest "$output"
}
@test "Test basic auth" {
basic_auth_version_check
login $hostname:5441
docker tag -f $image $hostname:5441/$image
run docker push $hostname:5441/$image
[ "$status" -eq 0 ]
has_digest "$output"
}
@test "Test TLS client auth" {
docker tag -f $image $hostname:5442/$image
run docker push $hostname:5442/$image
[ "$status" -eq 0 ]
has_digest "$output"
}
@test "Test TLS client with invalid certificate authority fails" {
docker tag -f $image $hostname:5443/$image
run docker push $hostname:5443/$image
[ "$status" -ne 0 ]
}
@test "Test basic auth with TLS client auth" {
basic_auth_version_check
login $hostname:5444
docker tag -f $image $hostname:5444/$image
run docker push $hostname:5444/$image
[ "$status" -eq 0 ]
has_digest "$output"
}
@test "Test unknown certificate authority fails" {
docker tag -f $image $hostname:5445/$image
run docker push $hostname:5445/$image
[ "$status" -ne 0 ]
}
@test "Test basic auth with unknown certificate authority fails" {
run login $hostname:5446
[ "$status" -ne 0 ]
docker tag -f $image $hostname:5446/$image
run docker push $hostname:5446/$image
[ "$status" -ne 0 ]
}
@test "Test TLS client auth to server with unknown certificate authority fails" {
docker tag -f $image $hostname:5447/$image
run docker push $hostname:5447/$image
[ "$status" -ne 0 ]
}
@test "Test failure to connect to server fails to fallback to SSLv3" {
docker tag -f $image $hostname:5448/$image
run docker push $hostname:5448/$image
[ "$status" -ne 0 ]
}