Commit 20365722 authored by Sanad Liaquat's avatar Sanad Liaquat

Merge branch 'registry-with-auth-tokens' into 'master'

Add container registry with multiple auth tokens test

See merge request gitlab-org/gitlab!71912
parents 44b2c899 809fb115
...@@ -36,7 +36,7 @@ ...@@ -36,7 +36,7 @@
.text-secondary= s_('DeployTokens|Allows read-only access to registry images.') .text-secondary= s_('DeployTokens|Allows read-only access to registry images.')
%fieldset.form-group.form-check %fieldset.form-group.form-check
= f.check_box :write_registry, class: 'form-check-input' = f.check_box :write_registry, class: 'form-check-input', data: { qa_selector: 'deploy_token_write_registry_checkbox' }
= f.label :write_registry, 'write_registry', class: 'label-bold form-check-label' = f.label :write_registry, 'write_registry', class: 'label-bold form-check-label'
.text-secondary= s_('DeployTokens|Allows read and write access to registry images.') .text-secondary= s_('DeployTokens|Allows read and write access to registry images.')
......
...@@ -12,6 +12,7 @@ module QA ...@@ -12,6 +12,7 @@ module QA
element :deploy_token_read_package_registry_checkbox element :deploy_token_read_package_registry_checkbox
element :deploy_token_write_package_registry_checkbox element :deploy_token_write_package_registry_checkbox
element :deploy_token_read_registry_checkbox element :deploy_token_read_registry_checkbox
element :deploy_token_write_registry_checkbox
element :create_deploy_token_button element :create_deploy_token_button
end end
...@@ -29,11 +30,12 @@ module QA ...@@ -29,11 +30,12 @@ module QA
fill_element(:deploy_token_expires_at_field, expires_at.to_s + "\n") fill_element(:deploy_token_expires_at_field, expires_at.to_s + "\n")
end end
def fill_scopes(read_repository: false, read_registry: false, read_package_registry: false, write_package_registry: false) def fill_scopes(scopes)
check_element(:deploy_token_read_repository_checkbox) if read_repository check_element(:deploy_token_read_repository_checkbox) if scopes.include? :read_repository
check_element(:deploy_token_read_package_registry_checkbox) if read_package_registry check_element(:deploy_token_read_package_registry_checkbox) if scopes.include? :read_package_registry
check_element(:deploy_token_write_package_registry_checkbox) if write_package_registry check_element(:deploy_token_write_package_registry_checkbox) if scopes.include? :write_package_registry
check_element(:deploy_token_read_registry_checkbox) if read_registry check_element(:deploy_token_read_registry_checkbox) if scopes.include? :read_registry
check_element(:deploy_token_write_registry_checkbox) if scopes.include? :write_registry
end end
def add_token def add_token
......
...@@ -4,6 +4,7 @@ module QA ...@@ -4,6 +4,7 @@ module QA
module Resource module Resource
class DeployToken < Base class DeployToken < Base
attr_accessor :name, :expires_at attr_accessor :name, :expires_at
attr_writer :scopes
attribute :username do attribute :username do
Page::Project::Settings::Repository.perform do |repository_page| Page::Project::Settings::Repository.perform do |repository_page|
...@@ -37,7 +38,7 @@ module QA ...@@ -37,7 +38,7 @@ module QA
setting.expand_deploy_tokens do |page| setting.expand_deploy_tokens do |page|
page.fill_token_name(name) page.fill_token_name(name)
page.fill_token_expires_at(expires_at) page.fill_token_expires_at(expires_at)
page.fill_scopes(read_repository: true, read_package_registry: true, write_package_registry: true) page.fill_scopes(@scopes)
page.add_token page.add_token
end end
......
...@@ -3,10 +3,27 @@ ...@@ -3,10 +3,27 @@
module QA module QA
RSpec.describe 'Package', :orchestrated, only: { pipeline: :main } do RSpec.describe 'Package', :orchestrated, only: { pipeline: :main } do
describe 'Self-managed Container Registry' do describe 'Self-managed Container Registry' do
using RSpec::Parameterized::TableSyntax
let(:project) do let(:project) do
Resource::Project.fabricate_via_api! do |project| Resource::Project.fabricate_via_api! do |project|
project.name = 'project-with-registry' project.name = 'project-with-registry'
project.template_name = 'express' project.template_name = 'express'
project.visibility = :private
end
end
let(:project_deploy_token) do
Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
deploy_token.name = 'registry-deploy-token'
deploy_token.project = project
deploy_token.scopes = [
:read_repository,
:read_package_registry,
:write_package_registry,
:read_registry,
:write_registry
]
end end
end end
...@@ -19,6 +36,8 @@ module QA ...@@ -19,6 +36,8 @@ module QA
end end
end end
let(:personal_access_token) { Runtime::Env.personal_access_token }
before do before do
Flow::Login.sign_in Flow::Login.sign_in
project.visit! project.visit!
...@@ -26,10 +45,40 @@ module QA ...@@ -26,10 +45,40 @@ module QA
after do after do
runner.remove_via_api! runner.remove_via_api!
project.remove_via_api!
end
where(:authentication_token_type, :token_name) do
:personal_access_token | 'Personal Access Token'
:project_deploy_token | 'Deploy Token'
:ci_job_token | 'Job Token'
end
with_them do
let(:auth_token) do
case authentication_token_type
when :personal_access_token
"\"#{personal_access_token}\""
when :project_deploy_token
"\"#{project_deploy_token.password}\""
when :ci_job_token
'$CI_JOB_TOKEN'
end
end end
context 'when tls is enabled' do let(:auth_user) do
it "pushes image and deletes tag", :registry_tls, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/1911' do case authentication_token_type
when :personal_access_token
"$CI_REGISTRY_USER"
when :project_deploy_token
"\"#{project_deploy_token.username}\""
when :ci_job_token
'gitlab-ci-token'
end
end
context "when tls is disabled" do
it "using a #{params[:token_name]}, pushes image and deletes tag", :registry do
Resource::Repository::Commit.fabricate_via_api! do |commit| Resource::Repository::Commit.fabricate_via_api! do |commit|
commit.project = project commit.project = project
commit.commit_message = 'Add .gitlab-ci.yml' commit.commit_message = 'Add .gitlab-ci.yml'
...@@ -42,18 +91,11 @@ module QA ...@@ -42,18 +91,11 @@ module QA
stage: build stage: build
services: services:
- name: docker:19.03.12-dind - name: docker:19.03.12-dind
command: command: ["--insecure-registry=gitlab.test:5050"]
- /bin/sh
- -c
- |
apk add --no-cache openssl
true | openssl s_client -showcerts -connect gitlab.test:5050 > /usr/local/share/ca-certificates/gitlab.test.crt
update-ca-certificates
dockerd-entrypoint.sh || exit
variables: variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
script: script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD gitlab.test:5050 - docker login -u #{auth_user} -p #{auth_token} gitlab.test:5050
- docker build -t $IMAGE_TAG . - docker build -t $IMAGE_TAG .
- docker push $IMAGE_TAG - docker push $IMAGE_TAG
tags: tags:
...@@ -85,9 +127,10 @@ module QA ...@@ -85,9 +127,10 @@ module QA
end end
end end
end end
end
context "when tls is disabled" do context "when tls is enabled" do
it "pushes image and deletes tag", :registry, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/2378' do it "pushes image and deletes tag", :registry_tls, testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/2378' do
Resource::Repository::Commit.fabricate_via_api! do |commit| Resource::Repository::Commit.fabricate_via_api! do |commit|
commit.project = project commit.project = project
commit.commit_message = 'Add .gitlab-ci.yml' commit.commit_message = 'Add .gitlab-ci.yml'
...@@ -100,7 +143,14 @@ module QA ...@@ -100,7 +143,14 @@ module QA
stage: build stage: build
services: services:
- name: docker:19.03.12-dind - name: docker:19.03.12-dind
command: ["--insecure-registry=gitlab.test:5050"] command:
- /bin/sh
- -c
- |
apk add --no-cache openssl
true | openssl s_client -showcerts -connect gitlab.test:5050 > /usr/local/share/ca-certificates/gitlab.test.crt
update-ca-certificates
dockerd-entrypoint.sh || exit
variables: variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
script: script:
...@@ -119,8 +169,8 @@ module QA ...@@ -119,8 +169,8 @@ module QA
pipeline.click_job('build') pipeline.click_job('build')
end end
Page::Project::Job::Show.perform do |job| Support::Retrier.retry_until(max_duration: 800, sleep_interval: 10) do
expect(job).to be_successful(timeout: 800) project.pipelines.last[:status] == 'success'
end end
Page::Project::Menu.perform(&:go_to_container_registry) Page::Project::Menu.perform(&:go_to_container_registry)
......
...@@ -19,6 +19,11 @@ module QA ...@@ -19,6 +19,11 @@ module QA
Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token| Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
deploy_token.name = 'npm-deploy-token' deploy_token.name = 'npm-deploy-token'
deploy_token.project = project deploy_token.project = project
deploy_token.scopes = [
:read_repository,
:read_package_registry,
:write_package_registry
]
end end
end end
......
...@@ -19,6 +19,11 @@ module QA ...@@ -19,6 +19,11 @@ module QA
Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token| Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
deploy_token.name = 'npm-deploy-token' deploy_token.name = 'npm-deploy-token'
deploy_token.project = project deploy_token.project = project
deploy_token.scopes = [
:read_repository,
:read_package_registry,
:write_package_registry
]
end end
end end
......
...@@ -12,6 +12,7 @@ module QA ...@@ -12,6 +12,7 @@ module QA
deploy_token = Resource::DeployToken.fabricate_via_browser_ui! do |resource| deploy_token = Resource::DeployToken.fabricate_via_browser_ui! do |resource|
resource.name = deploy_token_name resource.name = deploy_token_name
resource.expires_at = one_week_from_now resource.expires_at = one_week_from_now
resource.scopes = [:read_repository]
end end
expect(deploy_token.username.length).to be > 0 expect(deploy_token.username.length).to be > 0
......
...@@ -45,6 +45,11 @@ module QA ...@@ -45,6 +45,11 @@ module QA
Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token| Resource::DeployToken.fabricate_via_browser_ui! do |deploy_token|
deploy_token.name = 'package-deploy-token' deploy_token.name = 'package-deploy-token'
deploy_token.project = package_project deploy_token.project = package_project
deploy_token.scopes = [
:read_repository,
:read_package_registry,
:write_package_registry
]
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment