mirror of
https://github.com/project-zot/zot.git
synced 2026-06-15 11:37:56 +08:00
Luca Muscariello
2402296e9a
* fix: migrate to Go module v2 for proper semantic versioning This change updates the module path from 'zotregistry.dev/zot' to 'zotregistry.dev/zot/v2' to comply with Go's semantic versioning rules. According to Go's module versioning requirements, major version v2+ must include the major version in the module path. The current module path 'zotregistry.dev/zot' only supports v0.x.x and v1.x.x versions, making existing v2.x.x tags (like v2.1.8) unusable. Changes: - Updated go.mod module path to zotregistry.dev/zot/v2 - Updated all internal import paths across 280+ Go source files - Updated configuration files (golangcilint.yaml, gqlgen.yml) - Updated README.md Go reference badge This fix enables proper use of existing v2.x.x Git tags and allows external packages to import zot v2+ versions without compatibility errors. Resolves: Go module import compatibility for v2+ versions Fixes: #3071 Signed-off-by: Luca Muscariello <muscariello@ieee.org> * fix: regenerate GraphQL files with updated v2 import paths The gqlgen tool needs to regenerate the GraphQL schema files after the module path change to use the new v2 imports. Signed-off-by: Luca Muscariello <muscariello@ieee.org> --------- Signed-off-by: Luca Muscariello <muscariello@ieee.org>
180 lines
5.4 KiB
Go
180 lines
5.4 KiB
Go
package common_test
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"net/http"
|
|
"os"
|
|
"path"
|
|
"testing"
|
|
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
|
|
"zotregistry.dev/zot/v2/pkg/common"
|
|
test "zotregistry.dev/zot/v2/pkg/test/common"
|
|
)
|
|
|
|
func TestHTTPClient(t *testing.T) {
|
|
Convey("test getTLSConfig()", t, func() {
|
|
caCertPool, _ := x509.SystemCertPool()
|
|
tlsConfig, err := common.GetTLSConfig("wrongPath", caCertPool)
|
|
So(tlsConfig, ShouldBeNil)
|
|
So(err, ShouldNotBeNil)
|
|
|
|
tempDir := t.TempDir()
|
|
err = test.CopyTestKeysAndCerts(tempDir)
|
|
So(err, ShouldBeNil)
|
|
err = os.Chmod(path.Join(tempDir, "ca.crt"), 0o000)
|
|
So(err, ShouldBeNil)
|
|
_, err = common.GetTLSConfig(tempDir, caCertPool)
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("test CreateHTTPClient() no permissions on certificate", t, func() {
|
|
tempDir := t.TempDir()
|
|
err := test.CopyTestKeysAndCerts(tempDir)
|
|
So(err, ShouldBeNil)
|
|
err = os.Chmod(path.Join(tempDir, "ca.crt"), 0o000)
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = common.CreateHTTPClient(&common.HTTPClientOptions{
|
|
TLSEnabled: true,
|
|
VerifyTLS: true,
|
|
Host: "localhost",
|
|
CertOptions: common.HTTPClientCertOptions{
|
|
ClientCertFile: path.Join(tempDir, common.ClientCertFilename),
|
|
ClientKeyFile: path.Join(tempDir, common.ClientKeyFilename),
|
|
RootCaCertFile: path.Join(tempDir, common.CaCertFilename),
|
|
},
|
|
})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("test CreateHTTPClient() no permissions on key", t, func() {
|
|
tempDir := t.TempDir()
|
|
err := test.CopyTestKeysAndCerts(tempDir)
|
|
So(err, ShouldBeNil)
|
|
err = os.Chmod(path.Join(tempDir, "client.key"), 0o000)
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = common.CreateHTTPClient(&common.HTTPClientOptions{
|
|
TLSEnabled: true,
|
|
VerifyTLS: true,
|
|
Host: "localhost",
|
|
CertOptions: common.HTTPClientCertOptions{
|
|
ClientCertFile: path.Join(tempDir, common.ClientCertFilename),
|
|
ClientKeyFile: path.Join(tempDir, common.ClientKeyFilename),
|
|
RootCaCertFile: path.Join(tempDir, common.CaCertFilename),
|
|
},
|
|
})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("test CreateHTTPClient() no TLS", t, func() {
|
|
_, err := common.CreateHTTPClient(&common.HTTPClientOptions{})
|
|
So(err, ShouldBeNil)
|
|
})
|
|
|
|
Convey("test CreateHTTPClient() with only client cert configured", t, func() {
|
|
tempDir := t.TempDir()
|
|
err := test.CopyTestKeysAndCerts(tempDir)
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = common.CreateHTTPClient(&common.HTTPClientOptions{
|
|
TLSEnabled: true,
|
|
VerifyTLS: true,
|
|
Host: "localhost",
|
|
CertOptions: common.HTTPClientCertOptions{
|
|
ClientCertFile: path.Join(tempDir, common.ClientCertFilename),
|
|
},
|
|
})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("test CreateHTTPClient() with only client key configured", t, func() {
|
|
tempDir := t.TempDir()
|
|
err := test.CopyTestKeysAndCerts(tempDir)
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = common.CreateHTTPClient(&common.HTTPClientOptions{
|
|
TLSEnabled: true,
|
|
VerifyTLS: true,
|
|
Host: "localhost",
|
|
CertOptions: common.HTTPClientCertOptions{
|
|
ClientKeyFile: path.Join(tempDir, common.ClientKeyFilename),
|
|
},
|
|
})
|
|
So(err, ShouldNotBeNil)
|
|
})
|
|
|
|
Convey("test CreateHTTPClient() with full certificate config", t, func() {
|
|
tempDir := t.TempDir()
|
|
err := test.CopyTestKeysAndCerts(tempDir)
|
|
So(err, ShouldBeNil)
|
|
|
|
client, err := common.CreateHTTPClient(&common.HTTPClientOptions{
|
|
TLSEnabled: true,
|
|
VerifyTLS: true,
|
|
Host: "localhost",
|
|
CertOptions: common.HTTPClientCertOptions{
|
|
ClientCertFile: path.Join(tempDir, common.ClientCertFilename),
|
|
ClientKeyFile: path.Join(tempDir, common.ClientKeyFilename),
|
|
RootCaCertFile: path.Join(tempDir, common.CaCertFilename),
|
|
},
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
htr, ok := client.Transport.(*http.Transport)
|
|
So(ok, ShouldBeTrue)
|
|
So(htr.TLSClientConfig.RootCAs, ShouldNotBeNil)
|
|
So(htr.TLSClientConfig.Certificates, ShouldNotBeEmpty)
|
|
})
|
|
|
|
Convey("test CreateHTTPClient() with no TLS verify", t, func() {
|
|
tempDir := t.TempDir()
|
|
err := test.CopyTestKeysAndCerts(tempDir)
|
|
So(err, ShouldBeNil)
|
|
|
|
client, err := common.CreateHTTPClient(&common.HTTPClientOptions{
|
|
TLSEnabled: true,
|
|
VerifyTLS: false,
|
|
Host: "localhost",
|
|
CertOptions: common.HTTPClientCertOptions{
|
|
ClientCertFile: path.Join(tempDir, common.ClientCertFilename),
|
|
ClientKeyFile: path.Join(tempDir, common.ClientKeyFilename),
|
|
RootCaCertFile: path.Join(tempDir, common.CaCertFilename),
|
|
},
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
htr, ok := client.Transport.(*http.Transport)
|
|
So(ok, ShouldBeTrue)
|
|
So(htr.TLSClientConfig.Certificates, ShouldBeEmpty)
|
|
So(htr.TLSClientConfig.RootCAs, ShouldBeNil)
|
|
So(htr.TLSClientConfig.InsecureSkipVerify, ShouldBeTrue)
|
|
})
|
|
|
|
Convey("test CreateHTTPClient() with no TLS, but TLS verify enabled", t, func() {
|
|
tempDir := t.TempDir()
|
|
err := test.CopyTestKeysAndCerts(tempDir)
|
|
So(err, ShouldBeNil)
|
|
|
|
client, err := common.CreateHTTPClient(&common.HTTPClientOptions{
|
|
TLSEnabled: false,
|
|
VerifyTLS: true,
|
|
Host: "localhost",
|
|
CertOptions: common.HTTPClientCertOptions{
|
|
ClientCertFile: path.Join(tempDir, common.ClientCertFilename),
|
|
ClientKeyFile: path.Join(tempDir, common.ClientKeyFilename),
|
|
RootCaCertFile: path.Join(tempDir, common.CaCertFilename),
|
|
},
|
|
})
|
|
So(err, ShouldBeNil)
|
|
|
|
htr, ok := client.Transport.(*http.Transport)
|
|
So(ok, ShouldBeTrue)
|
|
So(htr.TLSClientConfig.Certificates, ShouldBeEmpty)
|
|
So(htr.TLSClientConfig.RootCAs, ShouldBeNil)
|
|
So(htr.TLSClientConfig.InsecureSkipVerify, ShouldBeFalse)
|
|
})
|
|
}
|