mirror of
https://github.com/project-zot/zot.git
synced 2026-06-17 21:17:58 +08:00
Andrei Aaron
9dfa7c3ae6
Replace MakeTempFile usage with MakeTempFilePath and MakeTempFileWithContent helpers that automatically handle file lifecycle. This prevents resource leaks by ensuring temporary files are properly closed. Shoudld also make the tests easier to read. Signed-off-by: Andrei Aaron <andreifdaaron@gmail.com>
120 lines
3.0 KiB
Go
120 lines
3.0 KiB
Go
//go:build search && needprivileges
|
|
|
|
package client_test
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"fmt"
|
|
"os"
|
|
"os/exec"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
"gopkg.in/resty.v1"
|
|
|
|
"zotregistry.dev/zot/v2/pkg/api"
|
|
"zotregistry.dev/zot/v2/pkg/api/config"
|
|
"zotregistry.dev/zot/v2/pkg/api/constants"
|
|
"zotregistry.dev/zot/v2/pkg/cli/client"
|
|
test "zotregistry.dev/zot/v2/pkg/test/common"
|
|
)
|
|
|
|
func TestElevatedPrivilegesTLSNewControllerPrivilegedCert(t *testing.T) {
|
|
Convey("Privileged certs - Make a new controller", t, func() {
|
|
//nolint: noctx // old code, no context available
|
|
cmd := exec.Command("mkdir", "-p", "/etc/containers/certs.d/127.0.0.1:8089/") //nolint: gosec
|
|
|
|
_, err := cmd.Output()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
|
|
//nolint: noctx // old code, no context available
|
|
defer exec.Command("rm", "-rf", "/etc/containers/certs.d/127.0.0.1:8089/")
|
|
|
|
workDir, _ := os.Getwd()
|
|
_ = os.Chdir("../../../test/data")
|
|
|
|
clientGlob, _ := filepath.Glob("client.*")
|
|
caGlob, _ := filepath.Glob("ca.*")
|
|
|
|
for _, file := range clientGlob {
|
|
//nolint: noctx // old code, no context available
|
|
cmd = exec.Command("cp", file, "/etc/containers/certs.d/127.0.0.1:8089/")
|
|
|
|
res, err := cmd.CombinedOutput()
|
|
if err != nil {
|
|
panic(string(res))
|
|
}
|
|
}
|
|
|
|
for _, file := range caGlob {
|
|
//nolint: noctx // old code, no context available
|
|
cmd = exec.Command("cp", file, "/etc/containers/certs.d/127.0.0.1:8089/")
|
|
|
|
res, err := cmd.CombinedOutput()
|
|
if err != nil {
|
|
panic(string(res))
|
|
}
|
|
}
|
|
|
|
allGlob, _ := filepath.Glob("/etc/containers/certs.d/127.0.0.1:8089/*.key")
|
|
|
|
for _, file := range allGlob {
|
|
//nolint: noctx // old code, no context available
|
|
cmd = exec.Command("chmod", "a=rwx", file)
|
|
|
|
res, err := cmd.CombinedOutput()
|
|
if err != nil {
|
|
panic(string(res))
|
|
}
|
|
}
|
|
|
|
_ = os.Chdir(workDir)
|
|
|
|
caCert, err := os.ReadFile(CACert)
|
|
So(err, ShouldBeNil)
|
|
caCertPool := x509.NewCertPool()
|
|
caCertPool.AppendCertsFromPEM(caCert)
|
|
|
|
resty.SetTLSClientConfig(&tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12})
|
|
|
|
defer func() { resty.SetTLSClientConfig(nil) }()
|
|
|
|
conf := config.New()
|
|
conf.HTTP.Port = SecurePort2
|
|
conf.HTTP.TLS = &config.TLSConfig{
|
|
Cert: ServerCert,
|
|
Key: ServerKey,
|
|
CACert: CACert,
|
|
}
|
|
|
|
ctlr := api.NewController(conf)
|
|
ctlr.Config.Storage.RootDirectory = t.TempDir()
|
|
|
|
cm := test.NewControllerManager(ctlr)
|
|
cm.StartAndWait(conf.HTTP.Port)
|
|
|
|
defer cm.StopServer()
|
|
|
|
Convey("Certs in privileged path", func() {
|
|
_ = makeConfigFile(t,
|
|
fmt.Sprintf(`{"configs":[{"_name":"imagetest","url":"%s%s%s","showspinner":false}]}`,
|
|
BaseSecureURL2, constants.RoutePrefix, constants.ExtCatalogPrefix))
|
|
|
|
args := []string{"list", "--config", "imagetest"}
|
|
imageCmd := client.NewImageCommand(client.NewSearchService())
|
|
imageBuff := bytes.NewBufferString("")
|
|
imageCmd.SetOut(imageBuff)
|
|
imageCmd.SetErr(imageBuff)
|
|
imageCmd.SetArgs(args)
|
|
|
|
err := imageCmd.Execute()
|
|
So(err, ShouldBeNil)
|
|
})
|
|
})
|
|
}
|