def test_need_token_authentication_basic_auth(requests_mock):
service = "registry.docker.io"
auth_url = "https://auth.test-registry.redhat.com"
requests_mock.register_uri(
"GET",
"https://test-registry.redhat.com/v2/",
[
{
"status_code": 401,
"headers": {
"Www-Authenticate":
'Bearer realm="%s/token",service="%s"' %
(auth_url, service)
},
},
{
"status_code": 200
},
],
)
requests_mock.register_uri(
"GET",
"%s/token?service=%s" % (auth_url, service),
json={"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1"},
)
api_version_check("https://test-registry.redhat.com",
credentials=("login", "password"))
assert requests_mock.call_count == 3
requests_mock.request_history[1].headers[
"Authorization"] == "Basic bG9naW46cGFzc3dvcmQ="
def test_request_token_only_if_requested_by_server(requests_mock):
tag = "latest"
image = "repo/sitory"
service = "registry.docker.io"
# If basic authentication fails and no bear authentication is requested by server
# then fail immediately
requests_mock.register_uri("GET",
"https://%s/v2/" % service,
status_code=401,
reason="Unauthorized access")
with pytest.raises(requests.exceptions.HTTPError,
match="401 Client Error: Unauthorized access"):
api_version_check("https://%s" % service, credentials=("user", "pass"))
def test_need_token_authentication(requests_mock):
service = "test-registry"
auth_url = "https://auth.test-registry.redhat.com"
requests_mock.register_uri(
"GET",
"https://test-registry.redhat.com/v2/",
[
{
"status_code": 401,
"headers": {
"Www-Authenticate":
'Bearer realm="%s/token",service="%s"' %
("https://auth.test-registry.redhat.com", service)
},
},
{
"status_code": 200
},
],
)
requests_mock.register_uri(
"GET",
"%s/token?service=%s" % (auth_url, service),
json={"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1"},
)
assert api_version_check("https://test-registry.redhat.com")
assert [(x.method, x.url) for x in requests_mock.request_history] == [
("GET", "https://test-registry.redhat.com/v2/"),
("GET",
"https://auth.test-registry.redhat.com/token?service=test-registry"),
("GET", "https://test-registry.redhat.com/v2/"),
]
def test_authentication_basic_auth(requests_mock):
"""For services with just basic auth (docker-pulp) no Bearer tokens
are emitted. Instead Basic auth is required."""
service = "registry.docker.io"
auth_url = "https://auth.test-registry.redhat.com"
requests_mock.register_uri(
"GET",
"https://%s/v2/" % service,
[
{
"status_code": 401,
"headers": {
"Www-Authenticate": 'Basic realm="pub-dev-pulp"'
},
},
{
"status_code": 200
},
],
)
requests_mock.register_uri("GET", auth_url)
assert api_version_check("https://registry.docker.io",
credentials=("login", "password"))
assert requests_mock.call_count == 2
# second request (after failed first) should contain auth headers
# base64.encode('login:password')
requests_mock.request_history[1].headers[
"Authorization"] == "Basic bG9naW46cGFzc3dvcmQ="
def test_need_token_authentication_no_realm(requests_mock):
service = "test-registry"
auth_url = "https://auth.test-registry.redhat.com"
requests_mock.register_uri(
"GET",
"https://test-registry.redhat.com/v2/",
[
{
"status_code": 401,
"headers": {
"Www-Authenticate": "Bearer"
},
},
{
"status_code": 200
},
],
)
requests_mock.register_uri(
"GET",
"%s/token?service=%s" % (auth_url, service),
json={"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1"},
)
with pytest.raises(
IOError,
match=re.escape("No realm specified for token auth challenge.")):
assert api_version_check("https://test-registry.redhat.com")
def test_api_version_check_404(requests_mock):
"""For services with just basic auth (docker-pulp) no Bearer tokens
are emitted. Instead Basic auth is required."""
service = "registry.docker.io"
auth_url = "https://auth.test-registry.redhat.com"
requests_mock.register_uri(
"GET",
"https://%s/v2/" % service,
[
{
"status_code": 404,
},
],
)
assert not api_version_check("https://registry.docker.io",
credentials=("login", "password"))
assert requests_mock.call_count == 1
def test_provided_token_authentication(requests_mock):
service = "test-registry"
auth_url = "https://auth.test-registry.redhat.com"
requests_mock.register_uri(
"GET",
"https://test-registry.redhat.com/v2/",
[
{
"status_code": 200
},
],
)
assert api_version_check("https://test-registry.redhat.com",
token=AuthToken("123"))
assert [(x.method, x.url) for x in requests_mock.request_history] == [
("GET", "https://test-registry.redhat.com/v2/"),
]
def test_api_version_check_unknown_registry_version(requests_mock):
"""For services with just basic auth (docker-pulp) no Bearer tokens
are emitted. Instead Basic auth is required."""
service = "registry.docker.io"
auth_url = "https://auth.test-registry.redhat.com"
requests_mock.register_uri(
"GET",
"https://%s/v2/" % service,
[{
"status_code": 200,
"headers": {
"Docker-Distribution-API-Version": "registry/3.0"
},
}],
)
assert not api_version_check("https://registry.docker.io",
credentials=("login", "password"))
assert requests_mock.call_count == 1